Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.3R3-S2: Software Release Notification for JUNOS Software Version 18.3R3-S2
Junos Software service Release version 18.3R3-S2 is now available.
NOTE
Warning: With VPLS/Bridge-Domain environment, an MX/EX9200 Series router with Trio-based MPCs running software version 18.3R3-S2. The MPCs may experience NH memory leak in the PFEs when using integrated routing and bridging (IRB) interface participating in the VPLS/Bridge-domain instance. This causes the MPCs to ran out of memory and restart unexpectedly. There is no workaround.
PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configured with the WAN-PHY framing with the default "hold-down" timer (0). Once you upgrade a router to an affected software release, the interface may flap continuously. This is not applicable to an interface with the default framing - LAN-PHY. [TSB17782]
PR Number | Synopsis | Category: DOT1X |
---|---|---|
1462479 | EX-4600-EX-4300: Mac entry missing in Ethernet-Switching table for Mac-radius client in server fail scenario when tagged is sent for 2 client Product-Group=junos |
In case of server_fail scenario, When tagged traffic is sent for first client MAC learning happen for both data and voice. But for second client on same interface learning happening only for voice. Because vlan is already added for an interface due to first client authentication process. |
PR Number | Synopsis | Category: LLDP |
1464553 | The LLDP packets might get discarded on all Junos platforms Product-Group=junos |
On all Junos platforms, the LLDP packet received from any other vendor might get discarded. The issue is seen when there are two location-id in the same packet and the Junos device considers the LLDP packet as duplicate and discards it. This might result in the PoE phone not coming up or neighborship information not getting exchanged. |
PR Number | Synopsis | Category: EX4300 PFE |
1491348 | The traffic destined to VRRP VIP might be dropped after the IRB interface is disabled on the initial VRRP master Product-Group=junos |
On the EX4300 virtual-chassis scenario, the traffic destined to the VRRP Virtual IP Address (VIP) might be dropped on the Virtual-Chassis if the VRRP IRB interface is disabled on the initial VRRP master. For details, please refer to the following topology and problem description. |
PR Number | Synopsis | Category: EX9200 Platform |
1467459 | The MAC move message may have an incorrect "from" interface when MAC moves rapidly Product-Group=junos |
On the EX2300/3400/4300/4600/9200 platform, in some cases, if MAC moves rapidly, traffic might be impacted and the MAC move message might have an incorrect "from" interface. |
PR Number | Synopsis | Category: EX2300/3400 platform |
1452209 | The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured Product-Group=junosvae |
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow. |
1452209 | The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured Product-Group=junos |
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow. |
1467707 | FPCs might get disconnected from EX3400 VC briefly after reboot/upgrade Product-Group=junos |
On EX3400 Virtual Chassis, during reboot or upgrade, because of a high CPU load in slow path of fxpc, TCP keep alive message is not sent. Hence, it is observed that sometimes a few Virtual Chassis members might get disconnected from the Virtual Chassis briefly and join back in 3-6 minutes. |
1477165 | EX3400 me0 interface might remain down Product-Group=junos |
The me0 interface of EX3400 does not come up when connected to 100m speed interface. |
PR Number | Synopsis | Category: MX10008/16 Platform |
1420571 | "show chassis power" output status doesn't seem right and there are also similar error messages in the syslog after turn off / on power feed Product-Group=junos |
After changing the power feed(s), either turn off or turn on, show chassis power outputs do not match real condition and there are also incorrect Syslog information recorded. |
PR Number | Synopsis | Category: Hardware Escalation |
1426910 | Drift messages in ACX2200 which is a PTP hybrid (PTP+syncE) device Product-Group=junos |
On ACX2200 configured with PTP+SyncE , slave devices might get impacted due to high PDVs. This is observed through drift messages in the router. |
PR Number | Synopsis | Category: Platform-side analytics for QFX |
1456282 | Telemetry traffic might not be sent out when telemetry server is reachable through different routing-instance Product-Group=junos |
On QFX Series switches (except for QFX10000) with Jvision enabled, the telemetry traffic might be locally dropped when the egress interface to the telemetry server is a part of non-default routing-instance. |
PR Number | Synopsis | Category: QFX Multichassis Link Aggregrate |
1488681 | MClag consistency check for multiple irb's configured with same vrrp-group Product-Group=junos |
The MClag consistency check fails if the same vrrp-group is used for multiple irb configurations on Local and Remote REs of the MCLAG topology. This change corrects the defect and makes the MClag consistency check to pass. |
PR Number | Synopsis | Category: QFX Access control list |
1476708 | ARP packets are always sent to CPU regardless of whether the storm-control is activated Product-Group=junos |
On QFX5K platforms with VXLAN or VLAN scenario, ARP packets are not rate limited by the storm-control settings as the ARP packets will be copied to CPU by VLAN register settings and can be only rate limited by the CPU Queues rate-limit settings (ARP DDOS Queues). |
PR Number | Synopsis | Category: QFX PFE L2 |
1467466 | Few MAC addresses might be missing from MAC table in software on QFX5k platform. Product-Group=junos |
On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table. |
1481031 | Connectivity is broken through LAG due to members configured with hold-time and force-up Product-Group=junos |
Connectivity through link aggregation group bundle could break after there is a flap event on the physical ports when one physical member interface is configured with hold-time and the other member interface is having LACP force-up feature configured. |
1499422 | The FPC will go down when 100G link comes up on the network port of the QFX5110-48S device Product-Group=junos |
On the QFX5110-48S device running on Junos 19.3R2-S2, 18.2R3-S3 or 18.2R3-S4, the FPC will go down when the 100G link comes up on the network port. This leads to FPC up and down every 90 seconds. During the prolem state running CLI "show chassis fpc detail" will not yield any output for upto 90sec. user@device> show chassis fpc detail. <-------- Empty Once FPC state transition back to online state, the 100G transceivers gets detected and fpc flap is seen again. This behavior is seen continuously as long as 100G transceivers remain connected to the QFX device in question. If 100G interfaces gets disabled from CLI or physically removed from the QFX switch, the FPC flap will no longer be seen. Note: This issue is not applicable when 100G-QSFP is used as a VCP port on QFX5110-48S. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1460791 | JDI-RCT : QFX 5100 VC/VCF : Observing Error brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) after ISSU with Mini-PDT base configurations Product-Group=junos |
"multicast stats related errors like " brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running)" will be observed during ISSU and these messages are harmless and does not affect multicast functionality". |
1475819 | Traffic might not be forwarded over ECMP link in EVPN VXLAN scenario Product-Group=junosvae |
On QFX5110/QFX5120 platforms, when Traffic Load Balance is used in EVPN VXLAN scenario, traffic might not be forwarded over ECMP link after the ECMP link flapped. |
1487707 | CPU port queue gets full due to excessive pause frames being received on interfaces, this causes control packets from the CPU to all ports to be dropped. Product-Group=junos |
On QFX5000 platforms (QFX5100/QFX5110/QFX5120/QFX5200/QFX5210) with point-to-point multi-link scenario, when the switch ingress buffer saturation happens, all interfaces on multi-link stop sending traffic at the same time. |
PR Number | Synopsis | Category: QFX PFE MPLS |
1475395 | Traffic blackhole might be seen on PE when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface Product-Group=junos |
On QFX5K platforms with Layer3 VPN scenario, when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface, the traffic blackhole might be seen on PE. It happens in ECMP scenario. |
PR Number | Synopsis | Category: Accounting Profile |
1458143 | A problem with statistics on some interfaces of a router may be observed after FPC or PIC reboot Product-Group=junos |
In some rare scenarios upon FPC or PIC reboot, the pfed (packet forwarding engine daemon) database may not get updated with the correct location_id for some physical interfaces (IFDs), then a problem with statistics on some interfaces of a router may be observed. If this issue happens in the subscriber management environment, and depending on the radius server configuration, it may cause the subscribers to get disconnected by the radius server because of the radius server can not receive the proper statistics update for the subscribers from the pfed. |
PR Number | Synopsis | Category: CoS support on ACX |
1455722 | ACX5048 snmp polling will stalled after the link flap/ sfp replacement and ACX_COS_HALP(acx_cos_gport_sched_set_strict_priority:987): Failed to detach logs will be seen Product-Group=junos |
When inserting a SFP, the lowest ifd index available is assigned to the new interface created. During this sfp attach, an ifd-halp entry is also created in cos table for the interface. When SFPs are swapped and SFPs get their IFD index assigned interchanged as that of their old IFDs, issue is observed. As per PFE, the bcm port for the interface remains the same while IFD alone changes when removed and inserted. Hence while creating an ifd-entry for the interface in cos table, it is checked for any old entry still present for same bcm port. But the check done to validate for any old entry is improper. It does not check whether the old ifd index present is still for same bcm port. Due to this check missing, a valid ifd-entry of some other interface is getting deleted in cos table. Introduced the additional validation to ensure the old ifd index of the interface is still for same bcm port. Deleting of old ifd-entry is done only if bcm port of current entry and old ifd entry are same. Also added in existing debug message to display the ifd index which is getting deleted. |
PR Number | Synopsis | Category: ACX Services feature |
1479710 | dcpfe core when disabling/enabling macsec via Toby scripts Product-Group=junos |
dcpfe core when disabling/enabling macsec via Toby scripts |
PR Number | Synopsis | Category: "agentd" software daemon |
1426871 | The decoding of telemetry data at collector may not be proper if configuring the sensors Product-Group=junos |
On EX and MX platforms, if configuring the sensors to stream data over UDP in static DB, decoding of telemetry data at collector may not be proper. |
PR Number | Synopsis | Category: MPC Fusion SW |
1463859 | The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps Product-Group=junos |
If any MIC of MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog for CPU on Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger the MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally the excessive interface flapping won't happen frequently in real world and it may be caused due to external environment. This fix will reduce the impact and prevent the uKern hog when having such conditions. |
PR Number | Synopsis | Category: A15 specific issue |
1439744 | The SPC card might stop on SRX5000 line of devices. Product-Group=junos |
On the SRX5400,SRX5600 or SRX5800 platforms with SPC2, the SPC could go into a hung state without processing any traffic. |
PR Number | Synopsis | Category: a20a40 specific issue |
1479255 | The RGx may fail over after RG0 failover in a rare case. Product-Group=junos |
On the SRX5000 platforms with SPC3 in use, the RGx (x>0) failover may be observed followed by RG0 failover, this is a timing issue and due to unexpected "hardware timeout" detected by RGx after RG0 failover. |
PR Number | Synopsis | Category: a2a10 specific issue |
1471524 | The flowd and srxpfe process might stop immediately after you commit the jflowv9 configuration or after you upgrade Junos OS to affected releases. Product-Group=junos |
On all SRX platforms, if Jflow v9 is configured on the device, the flowd/srxpfe daemon might crash when committing the configuration or after upgrading to affected releases. It might show as a hung state for the device or the device will crash. Affected Releases are 12.3X48-D80 to D95 and 15.1X49-D160 to D200. |
PR Number | Synopsis | Category: common or misc area for SRX product |
1467376 | Physically disconnecting the cable from the fxp0 interface causes hardware monitor failure. Product-Group=junos |
On SRX1500 and the SRX4000 line of devices, physically disconnecting the cable from fxp0 interface causes hardware monitor failure and redundancy group failover, when the device is the primary node in a chassis cluster. |
PR Number | Synopsis | Category: These are new categories in the areas of PFE |
1460209 | Loop detection might not work on extended ports in Junos Fusion scenarios Product-Group=junos |
In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work. |
PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
1470603 | The BFD client session might flap when removing BFD configuration from the peer end (from other vendor) of the BFD session Product-Group=junos |
Currently, when a BFD packet with session state set to "AdminDown" is received by Juniper Device, the Juniper device will check both the session state and the diagnostic code in the packet. If the session state is "AdminDown" and the diagnostic code is 7 (which means "diag AdminDown"), the BFD session will be set to "Down" and the BFD client (i.e. the service which is protected by BFD) will be notified with "AdminDown" and the BFD client session will not flap. But if the BFD packet with session state set to "AdminDown" along with diagnostic code other than 7 is received, the BFD client will be notified with "Down" and the BFD client session will flap. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1414121 | QFX5100 : BGP v4/v6 convergence & RIB install/delete time degraded in 19.1R1/19.2R1/19.3R1/19.4R1 Product-Group=junos |
BGP IPv4 or IPv6 convergence and RIB install/delete time is degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. |
1473351 | Removing cluster from BGP group might cause prolonged convergence time Product-Group=junos |
Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss. |
1487691 | High CPU utilization might be observed when the outgoing BGP updates are sending slowly Product-Group=junos |
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725) |
1487893 | The process rpd may generate soft cores after "always-compare-med" is configured for BGP path-selection Product-Group=junos |
If a manually configured rib-group or automatically generated rib-group (via "family inet labeled-unicast resolve-vpn") is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the process rpd may continuously generate soft cores after "protocols bgp path-selection always-compare-med" is configured. |
PR Number | Synopsis | Category: BBE Remote Access Server |
1479697 | The CoA request may not be processed if it includes "proxy-state" attribute Product-Group=junos |
In a subscriber management environment, the CoA requests (such as deactivating/activating subscribers) sent from Radius server will fail if the "proxy-state" attribute is present. This attribute is still unsupported but will now be ignored if it's present in CoA requests. |
PR Number | Synopsis | Category: Chotu platform software |
1450424 | RE-MX2008-X8-128G Secure BIOS Version Mismatch alarms Product-Group=junos |
After reboot of the MX2008, can see below alarms:- 2019-07-22 05:07:57 UTC Minor VMHost RE 1 Secure BIOS Version Mismatch 2019-07-22 05:07:53 UTC Minor VMHost RE 0 Secure BIOS Version Mismatch 2019-07-22 05:07:53 UTC Minor Mixed Master and Backup RE types labroot@BRAIN-RE0> show chassis hardware Hardware inventory: Item Version Part number Serial number Description Chassis JN1261F13AFL MX2008 Routing Engine 0 BUILTIN BUILTIN RE-MX2008-X8-128G <<<< 128G Routing Engine 1 BUILTIN BUILTIN RE-MX2008-X8-128G <<<< 128G In certain platforms due to an issue in mfg packaging lastknown bios images are not present in efi_P/efi_S partition. |
PR Number | Synopsis | Category: L2NG Access Security feature |
1478375 | The process dhcpd may crash in a Junos Fusion environment Product-Group=junos |
On EX92XX platforms with the DHCP snooping configured, if a peer receives DHCPv6 packets from the server without the "client-id" option present, and it is syncing packets to the other side at that time, then the process dhcpd crash may be observed. |
PR Number | Synopsis | Category: Firewall Filter |
1478964 | The filter may not be installed if the "policy-map xx" is present under it Product-Group=junos |
If the "policy-map xx" option is configured under "family mpls" for filters, then the filters may not take effect after committing. |
PR Number | Synopsis | Category: DNX platform MPLS FRR features |
1485444 | ACX5448 L2VPN with interface ethernet-ccc input-vlan-map/output-vlan-map can cause traffic blackhole Product-Group=junos |
On the ACX5448 platform, l2vpn application with ethernet-ccc input-vlan-map/output-vlan-map can experience traffic blackhole while the control plane is still up. This issue is a software defect introduced by changes made via PR1456624 in the ethernet-ccc ingress interface. This software defect adds an internal vlan tag to all packets. As a result, customers' desired vlan-tag was not added in ccc->mpls direction. Causing the remote PE -- expecting vlan-tagged traffic -- to drop these packets due to vlan mismatch. |
PR Number | Synopsis | Category: Covers Application classification workflows apart from custo |
1455465 | The traffic loss might occur when application service is configured Product-Group=junosvae |
On vSRX3.0 platform, traffic loss might occur when application service is configured. |
1455465 | The traffic loss might occur when application service is configured Product-Group=junos |
On vSRX3.0 platform, traffic loss might occur when application service is configured. |
1479684 | Recent changes to JDPI's classification mechanism caused a considerable performance regression Product-Group=junos |
Recent changes to JDPI's (Juniper Deep Packet Inspection) classification mechanism caused a considerable performance regression (more than 30 percent). |
PR Number | Synopsis | Category: Ethernet OAM (LFM) |
1396540 | V44-CFM: NPC crash @ rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631 Product-Group=junos |
As part of the EOAM programming the LM counters are allocated. When an interface is deleted, the EOAM LM counters needs to be cleared. This is done as part of EOAM punt deletion. But there are scenarios where the prog punt delete processing is received, the IFL is deleted in ukern. In this case the EOAM NHs are cleared but the LM counters are not freed. this can cause memory leak in jnh. This issue is seen for a scaled config, repeated addition and deletion of the interface configs when EOAM config is present |
PR Number | Synopsis | Category: EVPN control plane issues |
1467309 | The rpd might crash after changing EVPN related configuration Product-Group=junos |
In EVPN scenario without encapsulation type specified (the default EVPN encapsulation type is set to MPLS), if "vlan-id none" and "vni " is configured in EVPN instance, the rpd might crash after changing EVPN related configuration (such as set the encapsulation as vxlan or delete label-allocation scheme). |
1490953 | The rpd core might be seen when doing RE switchover after disabling BGP protocol globally Product-Group=junos |
On EVPN scenario with BGP and routing-instance configured, if BGP protocol is disabled globally and then doing RE switchover, multiple rpd core might be seen. And the rpd does not run on new master RE. Hence it would affect the traffic and service. |
PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
1484296 | Dead next-hops might flood in a rare scenario after remote PEs are bounced Product-Group=junos |
On all Junos platforms with EVPN-MPLS scenario, due to a timing condition, dead next-hops might flood after remote PEs are bounced. This will affect BUM traffic flooding to remote EVPN PEs. |
PR Number | Synopsis | Category: Issues related to EX MACsec |
1469663 | Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms Product-Group=junos |
On EX4600/QFX5100 platforms with Media Access Control Security (MACsec) configured, if there is traffic flowing through the MACsec enabled link, increasing framing errors or runts statistics might be seen in the output of "show interfaces extensive <>" for the affected interface. Traffic loss might also happen due to this issue. |
PR Number | Synopsis | Category: Express PFE FW Features |
1470385 | Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands Product-Group=junos |
On PTX1000/PTX3000/PTX5000/PTX10000/PTX9000/QFX10000, sending hostpath traffic and check the ddos statistics might lead to incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands |
1491575 | BFD sessions start to flap when the firewall filter in the loopback0 is changed Product-Group=junos |
On all Junos based PTX/QFX10000 series platforms with large filter configuration (e.g. one filter has more than 500 terms or one term has more than 500 filters) scenario, during the change operation of loopback0 filter, the bfd sessions start to flap. |
PR Number | Synopsis | Category: Express PFE Services including JTI, TOE, HostPath, Jflow |
1445585 | Receipt of a malformed packet for J-Flow sampling might create a FPC process core. Product-Group=junos |
Receipt of a malformed packet for J-Flow sampling might create a FPC process core. |
PR Number | Synopsis | Category: Express PFE L2 fwding Features |
1442587 | The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb Product-Group=junos |
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact. |
PR Number | Synopsis | Category: SRX1500 platform software |
1452137 | Hardware failure is seen on both nodes in show chassis cluster status. Product-Group=junosvae |
On the SRX1500 and SRX4xxx platforms, the management interface fxp0 down triggers a major alarm and cause hardware monitoring in jsrpd. |
PR Number | Synopsis | Category: PTX Express ASIC interface |
1412126 | PTX interface stays down after maintenance Product-Group=junos |
On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment. |
PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
1474300 | A newly added LAG member interface might forward traffic even though its micro BFD session is down Product-Group=junos |
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue. |
PR Number | Synopsis | Category: Integrated Routing & Bridging (IRB) module |
1436924 | IRB over VTEP unicast traffic might get dropped on EX9200/MX platforms Product-Group=junos |
On EX9200/MX platforms running as Provider Edge (PE) nodes in Ethernet Virtual Private Network (EVPN) and Virtual extension LAN (VxLAN) scenario, if the enhanced-ip mode is enabled for chassis configuration, and the EVPN routing instance is configured with Integrated Routing and Bridging (IRB) interface, the unicast traffic which is sent through IRB over Virtual Tunnel End Point (VTEP) might get dropped since it couldn't get routed towards core network due to this issue. [TSB17770] |
1484721 | ARP entry may not be created in the EVPN-MPLS environment Product-Group=junos |
In the EVPN-MPLS environment, if a VLAN is created without having it in "protocols evpn extended-vlan-list", then adding it, the ARP entry may not be created on the device even it receives the ARP packets through the newly added VLAN. |
1484964 | VLAN creation failure might be seen on QFX-series platforms with scaled VLAN and L3 configuration Product-Group=junos |
On QFX platforms with scaled VLAN and L3-interface configuration setup, when the VLANs are deleted and added back quickly, the newer VLANs might not get created successfully. |
PR Number | Synopsis | Category: Adresses ALG issues found in JSF |
1483834 | FTPS traffic might get dropped on SRX/MX platforms if FTP ALG is used Product-Group=junos |
On SRX/MX platforms with FTP ALG enabled, if there are more than one FTPS connection between a pair of FTP client and server, the closure of one connection might cause other connections between that pair of FTP client and server to be affected, hence there might be traffic impact. It is a rare timing issue. |
PR Number | Synopsis | Category: Firewall Authentication |
1475435 | SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637) Product-Group=junos |
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy; Refer to https://kb.juniper.net/JSA11018 for more information. |
PR Number | Synopsis | Category: Firewall Network Address Translation |
1479824 | Issuing the show security nat source paired-address command might return an error. Product-Group=junos |
On the SRX series platforms with source NAT configuration, issuing the command "show security nat source paired-address ..." may return an error, which is not expected. It's a corner case, and not reproduced all the time. |
PR Number | Synopsis | Category: IPSEC/IKE VPN |
1421905 | The VPN tunnel might flap when IKE and IPsec rekey happen simultaneously. Product-Group=junos |
The VPN tunnel might flap in a corner case scenario (when IKE and IPsec rekey happen simultaneously). |
PR Number | Synopsis | Category: Security platform jweb support |
1499280 | Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services Product-Group=junos |
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information. |
PR Number | Synopsis | Category: Issues related to Jflow Jvision Sensors |
1477445 | Sampling Process may crash when MPLS/MPLS over UDP traffic is sampled Product-Group=junos |
When inline-jflow is configured for sampling MPLS traffic, multi-svsc process running on the FPC may crash due to MPLS resend flow referencing to an unavailable memory location. The issue is related only to MPLS traffic profile and has no bearing with any other jflow i.e. IPv4 and v6. |
PR Number | Synopsis | Category: PFE infra to support jvision |
1456275 | Queue data might be missing from path '/interfaces/interface/state' Product-Group=junos |
On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic. |
PR Number | Synopsis | Category: Layer 2 Circuit issues |
1498040 | The l2circuit neighbor might be stuck in rd state at one end of MG-LAG peer Product-Group=junos |
In MC-LAG scenario, if the l2circuit is configured with primary-neighbor or backup-neighbor over the MC-LAG link and the l2ckt (l2ciruits control daemon for pseudowire) session of the primary-neighbor or backup-neighbor is flapped continuously (such as clear neighbor ldp and ospf etc..,), one of the remote neighbors may be stuck in RD (the remote pseudowire neighbor is down)status due to race condition between VC(virtual circuit)status update timer and L2ckt intf status change timer. Then, that pseudowire might be down, the traffic might be impacted if the RD pseudowire is not up. |
PR Number | Synopsis | Category: Layer 2 Control Module |
1473610 | ERP might not come up properly when MSTP and ERP are enabled on the same interface Product-Group=junos |
When both MSTP and ERP are enabled on the same interface, then ERP will not come up properly. |
PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
1484468 | Packet loss might be observed after device rebooted or l2ald restarted in EVPN-MPLS scenario Product-Group=junos |
In EVPN-MPLS scenario, if the core-facing interface (mpls interface) and the CE-facing interface are on different PEs, and the traffic from core is not continuous and DMAC (Dynamic MAC) ages out, due to an incorrect flood next-hop programming across different PFEs, packet loss might be observed after device rebooted or l2ald restarted. |
PR Number | Synopsis | Category: mc-ae interface |
1447693 | The l2ald might fail to update composite NH Product-Group=junos |
This is a timing issue where the l2ald receive underlay NH from rpd as part of LSI IFF ADD (VPLS core NH) and creates flood NH. Due to a flap at local IFL or core (VPLS etc.), the l2ald receives multiple LSI IFF Add and Delete in some order. In some sequence where rpd delete underlay NH from Kernel Forwarding table but the l2ald still create flood NH with this underlay NH, because IFF delete is yet to be received at the l2ald, so l2ald might fail to update Composite NH. This is generic L2 issue and can happen without mc-ae. |
PR Number | Synopsis | Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS) |
1429797 | Extended Ukern thread(PFEBM task) priority to support BBE performance tuning Product-Group=junos |
Original PFEBM task, which is system-critical for internal network performance/resilience, was running a medium priority; Can see tnp queue errrors by 'show pfebm all' on VCP-bearing FPC when high rate of punt traffic (like ARPs or BGP route updates, etc.) which go through VC links. It needs to run at high priority to assure timely packet handling. |
1493699 | [subscriber_services] [all] JDI_BBE_REGRESSIONS: DHCP subscribers not coming up as expected after deactivating vcp port Product-Group=junos |
In 20.1R1, for MX-VC platforms, setting or deleting a VC port causes other VC ports on the same FPC/MIC slot to bring link state down for a few seconds, possibly interrupting communication with the other member chassis. |
PR Number | Synopsis | Category: Multiprotocol Label Switching |
1445024 | The rpd memory leak might be seen when the inter-domain RSVP LSP is in down state Product-Group=junos |
In inter-domain RSVP (Resource Reservation Protocol) LSP (Label-switched Path) scenario, the rpd memory leak might be seen when the CSPF (Constrained Shortest Path First) tries to recompute the path for the "down" LSP which is due to no route or ERO is incorrectly configured. The issue might lead to rpd crash when the rpd is out of memory and results in traffic loss. |
1497641 | The rpd might crash when SNMP polling is done using OID "jnxMplsTeP2mpTunnelDestTable" Product-Group=junos |
In a very rare P2MP with SNMP scenario, if the OID "jnxMplsTeP2mpTunnelDestTable" is polled by SNMP, the rpd (Routing Protocol Daemon) might crash since the relevant value is empty on the device and SNMP can not walk it at that time. |
PR Number | Synopsis | Category: build tools |
1290089 | jcrypto syslog help package and events are not packaged even when errmsg is compiled Product-Group=junos |
jcrypto syslog help package and events are not packaged even when errmsg is compiled properly. Several of the KMD help syslog entries are missing |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1439906 | FPC might reboot if jlock hog occurs on all Junos VM based platforms Product-Group=junos |
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot. |
1483644 | Kernel core might be observed if deactivating daemon on EX2300/EX3400 platforms Product-Group=junos |
On EX2300/EX3400 platforms, kernel core might be seen intermittently if deactivating the daemon using the wired-memory (Wired-Memory that is not eligible to be swapped and is usually used for Routing Engine memory structures or memory physically locked by a process). |
PR Number | Synopsis | Category: "ifstate" infrastructure |
1486161 | Kernel core might be seen if deleting an ifstate Product-Group=junos |
On all Junos platforms, some operations such as configuration change may cause state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and RE (Routing Engine) restart. There is no specific trigger, this issue is reported by the configuration change. |
PR Number | Synopsis | Category: Kernel MPLS / Tag / P2MP Infrastructure |
1478806 | Kernel crash and device restart might happen Product-Group=junos |
In a corner case on Junos platform, where the family ccc is configured along with any other existing family within the same interface, like inet, inet6, etc. (basically, Junos never allows to do so, but somehow a customer did it ). And if the family ccc is deleted from the interface, which might cause kernel crash and the device reboot automatically, so all the traffic will be interrupted. |
1493053 | Backup RE might crash unexpectedly due to a rare timing issue Product-Group=junos |
The backup Routing Engine might crash unexpectedly due to a rare timing issue during a route churn in the network. |
1493431 | BGP session might keep flapping between two directly connected BGP peers because of the wrong TCP-MSS in use Product-Group=junos |
In case the two directly connected BGP peers are established over a one-hop LSP, if the IP layer's MTU is smaller than the MPLS layer's MTU, plus the BGP packets from the host have the DF bit set, the BGP session might keep flapping because of the wrong TCP-MSS in use. |
PR Number | Synopsis | Category: JUNOS Network App Infrastructure (for ping, traceroute, etc) |
1484689 | Show system buffer command display's all zero in the MX104 chassis and it looks like cosmetic issue as there is no service impact reported Product-Group=junos |
Corrected the odl tags and buffer data handling while xmlizing the output. |
PR Number | Synopsis | Category: Kernel socket data replication issues for protocols that use |
1472519 | The kernel may crash and vmcore may be observed after configuration change is committed Product-Group=junos |
On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure. |
PR Number | Synopsis | Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software |
1484255 | FPC might crash when dealing with invalid next-hops Product-Group=junos |
On PTX3000/PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next-hop composed of several unicast next-hops), the FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period. |
PR Number | Synopsis | Category: PTX5KBroadway based PFE IPv4, IPv6 software |
1479789 | Multicast routes add/delete events might cause adjacency and LSPs to go down Product-Group=junos |
In PTX5000 platform with (FPC2-PTX-P1A | FPC-PTX-P1A), or PTX3000 with FPC-SFF-PTX-P1-A, with PIM scenario, The adjacency relationships of routing protocols and LSPs might go down if add/delete some multicast routes (which can be achieved by flapping interface or protocol) ). It is because that though the routes are deleted, its counter for statistic will not be removed from Junos resulting in memory block for counter exhaustion. And due to the exhaustion, any protocols that are sharing the same memory scope might fail to allocate its own counter, which eventually causes protocol adjacency and LSPs to go down. [TSB17747] |
PR Number | Synopsis | Category: Layer 3 issues for VMX |
1485706 | Interface input error counters are not increasing on MX150 Product-Group=junos |
The input errors on MX150 may be zero under show interfaces extensive output when there are CRC/Align errors on the interface. |
PR Number | Synopsis | Category: Protocol Independant Multicast |
1443056 | PIM RPF selection for the specific multicast group might get incorrectly applied to other multicast groups Product-Group=junos |
On all Junos platforms, changing an RPF interface for a particular multicast group using PIM rpf-selection configuration, might cause other multicast groups to take, a newly changed RPF interface. |
PR Number | Synopsis | Category: Issues related to PKI daemon |
1489249 | Has the risk of service interruption on all SRX platforms with a dual-stacked CA server Product-Group=junos |
On all SRX products with Online Certificate Status Protocol (OCSP) or Certificate Revocation List (CRL) configured which belongs to a dual-stacked (IPv4/IPv6) Certificate Authority (CA) server, and if one of the IP addresses gets failure, all the services that rely on it might be interrupted, as Junos only selects the first IP from the DNS response message as the IP of the OCSP or CRL. |
PR Number | Synopsis | Category: PTP related issues. |
1421811 | PTP might not work on MX104 if phy-timestamping is enabled Product-Group=junos |
On MX104 platform with any 2-port license installed on 10G interfaces and phy-timestamping enabled in PTP, PTP might not work. |
1461031 | The PTP function may hog kernel CPU for a long time Product-Group=junos |
If the PTP function is configured, the process ppmd may be starved due to the defect that PTP function hog kernel CPU for a long time (>100ms), which can cause the "keep-alive" of the corresponding functions timeout such as ppmd based functions - LFM, BFD. |
PR Number | Synopsis | Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
1456742 | The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted Product-Group=junos |
On the QFX5210/QFX5110/QFX5100 platform, the laser is still emitting from 10G SFP+ port even though the interface is disabled or the device is rebooted. It will cause the peer's interface is still up and might impact traffic. |
PR Number | Synopsis | Category: QFX Control Plane Kernel related |
1421250 | A vmcore is seen on QFX VC Product-Group=junos |
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed. |
1421250 | A vmcore is seen on QFX VC Product-Group=junosvae |
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed. |
PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
1409448 | The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch Product-Group=junos |
When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes. |
1419732 | "show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image Product-Group=junos |
"show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image. This is a display issue. Physical interface: xe-0/0/0, Enabled, Physical link is Down Interface index: 650, SNMP ifIndex: 515 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Link-mode: Auto, Speed: Auto, BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber <<<<<< Here!! Should be "Copper" Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 Link flags : None |
1449977 | FPC does not restart immediately after rebooting the system. That might cause packet loss Product-Group=junosvae |
On QFX10008 and QFX100016 switches, the traffic drop occurs after rebooting the system due to the time delay in rebooting the FPC. |
PR Number | Synopsis | Category: QFX platform optics related issues |
1457266 | QFX5110 QSFP-100GBASE-SR4 made by Avago cannot linkup Product-Group=junos |
On QFX5110, interface on QSFP-100GBASE-SR4 whose Xcvr vendor is Avago on the QFX side cannot linkup, FEC errors might be seen on the other side. Note : Do not use 19.3R2-S2, 18.2R3-S3 and 18.2R3-S4 for this fix. The fix causes that FPC will go down when 100G link comes up and this leads FPC up and down every 90 seconds. The fix will work on 19.3R2-S3 and 18.2R3-S5 properly. |
PR Number | Synopsis | Category: Filters |
1480776 | ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario Product-Group=junos |
In EVPN-VXLAN environment, when local CE sends ARP request packets for unknown host, the packets will hit firewall-host queue in remote PE. It might trigger DDoS protection policer violations for firewall-host queue hence the ARP request packets might get dropped. |
PR Number | Synopsis | Category: QFX L2 PFE |
1385954 | "CMQFX: Error requesting SET BOOLEAN, illegal setting 66" is generated at booting up. Product-Group=junos |
The following log may be generated at booting up. >> Feb 10 02:15:26 jtac-qfx5100-48s-6q-r2373 : %PFE-3: fpc0 CMQFX: Error requesting SET BOOLEAN, illegal setting 66. This is a cosmetic log and you can ignore the log safely. |
1454095 | Changing the VLAN name associated with access ports may cause that MAC addresses can not be learned under EVPN-VXLAN scenario Product-Group=junos |
On the QFX5k platform with EVPN-VXLAN configured, if the VLAN name associated with access ports is changed, then the virtual bridge domain may not be created. Due to this, the MAC addresses will not be learned. This issue will cause traffic loss. |
1473685 | The RIPv2 packets forwarded across a L2circuit connection might be dropped Product-Group=junos |
When RIPv2 routes are received on a QFX5100/EX4600 platforms, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets. |
PR Number | Synopsis | Category: QFX MPLS PFE |
1474935 | L2circuit might fail to communicate via VLAN 2 on QFX5K platforms Product-Group=junos |
On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE. |
PR Number | Synopsis | Category: QFX VC Infrastructure |
1478905 | The default VC MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes Product-Group=junos |
In QFX5200-32C, QFX5110 VC (Virtual Chassis) scenario, the default VC MAC (Media Access Control) persistence timer is incorrectly set to 20 seconds instead of 20 minutes. If the master VC member is rebooted, the new master member starts using its own MAC address as the system's MAC base address after only 20 seconds instead of 20 minutes. This results in issues like OSPF (Open Shortest Path First) stuck in "init" state after the master VC member reboot. |
PR Number | Synopsis | Category: Routing Information Protocol |
1485009 | The rpd crashes if the same neighbor is set in different RIP groups Product-Group=junos |
If the same neighbor is configured under different RIP groups, the commit check fails to capture this invalid configuration and commit can be done successfully. However the rpd will crash. |
PR Number | Synopsis | Category: rosen-6 and rosen-7 mvpn bugs |
1405887 | The CLI command "show pim mdt data-mdt-limit instance " with family option might cause CPU usage of rpd high Product-Group=junos |
In draft-rosen MVPN scenario with data-mdt, if performing the CLI command "show pim mdt data-mdt-limit instance ", The output might go in loop and the rpd process might use high CPU. |
PR Number | Synopsis | Category: RPD Interfaces related issues |
1498992 | The rpd might crash when multiple VRFs with 'IFLs link-protection' are deleted at a single time Product-Group=junos |
On all Junos platforms with large-scale VRF scenario, the rpd might crash when multiple VRFs with 'routing-options interface IFL link-protection' are deleted via a single commit. |
PR Number | Synopsis | Category: RPD policy options |
1450123 | The rib-group might not process the exported route correctly Product-Group=junos |
The rib-group with a policy that matches route next-hop can fail to add the route to the secondary routing table when matched route next-hop is changed to another one and then referred back again after some time. This issue has traffic impact as the exported route will lose in the secondary routing table. |
PR Number | Synopsis | Category: show route table commands, tracing, and syslog facilities |
1421076 | RPD crash might occur when changing prefix list address from IPv4 to IPv6 Product-Group=junos |
RPD crash might occur when changing prefix list address from IPv4 to IPv6 Configure IPv4 prefix-list: set policy-options prefix-list PREFIX_LIST 10.0.0.0/24 Configure a policy that has "then next policy" term: set policy-options policy-statement POLICY term PREF from prefix-list PREFIX_LIST set policy-options policy-statement POLICY term PREF then next policy set policy-options policy-statement POLICY term END then reject commit Note: If a terminating action is used for term PREF (such as "then accept"/"then reject") the core does not appear. Change prefix-list using "replace-pattern" [edit policy-options prefix-list PREFIX_LIST] replace pattern 10.0.0.0/24 with 2001:10::/64 commit RPD crash occurs |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1359087 | The FPC might be stuck in 'Ready' state after applying a configuration change that will remove RSVP and trigger FPC restart Product-Group=junos |
When 'tunnel-services' is configured under 'chassis fpc <> pic <>', the vt-x/y/z physical interface (IFD) is created for the corresponding FPC. If 'protocols rsvp' is configured, RSVP will create a default vt-x/y/z.u logical interface (IFL) under the corresponding vt-x/y/z IFD. After applying a configuration change that will remove RSVP and trigger FPC restart, the vt-x/y/z.u IFL is not cleaned up due to a code issue. Hence the corresponding vt-x/y/z IFD cannot be cleaned up during the corresponding FPC coming up. The IFD cleaning keeps retrying which cause the corresponding FPC to be stuck in 'Ready' state. |
1469567 | Fast reroute detour next-hop down event might cause primary LSP down in particular scenario Product-Group=junos |
In detour protection scenario (Fast-reroute enabled in LSP) in which the incoming detour LSPs that arrives on the primary next-hop merge with the locally originated detour LSP, sometimes after detour LSP next-hop down event the node incorrectly chooses the primary nhop (next hop) as the detour nhop, as a result it could cause brief traffic loss (a few seconds). |
1476773 | RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router Product-Group=junos |
If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact. |
PR Number | Synopsis | Category: RPD API infrastructure |
1481953 | The rpd may crash when executing "show route protocol l2-learned-host-routing" or "show route protocol rift" CLI command on a router Product-Group=junos |
On all Junos platforms, executing the CLI command of "show route protocol l2-learned-host-routing" or "show route protocol rift" on a router may cause the rpd crash if there is an active route in bgp.rtarget.0 routing table. |
PR Number | Synopsis | Category: jflow/monitoring services |
1439630 | Sampling might return incorrect ASN for BGP traffic Product-Group=junos |
In a BGP scenario with sampling enabled, incorrect ASN (autonomous system number) might be returned for the traffic originated from an internal prefix. This is because some AS paths and routes don't hold the latest information in the message buffers that srrd (sampling route-record daemon) uses to send to the clients. |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1464020 | The mspmand might crash when stateful firewall and RPC ALG used on MX platforms with MS-MIC/MS-MPC Product-Group=junos |
On MX platforms with MS-MIC/MS-MPC, when stateful firewall is configured with "application junos-dce-rpc-portmap" and RPC ALG is enabled (both Sun RPC and MS-RPC), the mspmand might crash continuously (about every 15 or 20 minutes). |
PR Number | Synopsis | Category: MS-MPC Logging on MX |
1478972 | TCP-log sessions might be in Established state but no logs get sent out to the syslog server Product-Group=junos |
When TCP-based syslog is configured under the service-set, the Services PICs will establish the TCP sessions with syslog server. When the networks between the syslog server and the MX/SRX are not stable, TCP retransmit may not work properly and cause the TCP sessions to hang. When issuing "show services tcp-log connections", the TCP sessions are still shown in "Established" state, however, no syslog messages are sent to the syslog server. |
PR Number | Synopsis | Category: SRX Argon module bugs |
1480005 | The flowd or srxpfe process might stop when advanced anti-malware service is used. Product-Group=junos |
On all multiple-threads SRX Series devices with Advanced Anti-MalWare service used, in a rare condition that a deadlock might occur among multiple threads, which results in the flowd/srxpfe crash. |
PR Number | Synopsis | Category: security-intelligence feature on SRX |
1482947 | 19.2R2:VSRX3.0:SRX-RIAD:ipfd core found at 0x08601e14 in ipid_msg_process (svr=< optimized out>, client_id=< optimized out>, msg=< optimized out>, len=< optimized out>) at ../../../../../../src/pfe-shared/include/jnx/usp/ipid_shared.h:622 Product-Group=junos |
If ipfd core happens with similar stack trace, it is likely that PR1482947 applies, it is self-heal, does not need special action, and does not impact production traffic |
PR Number | Synopsis | Category: MX10003/MX204 Platform SW - Chassisd s/w defects |
1406952 | MX10003 / MX204 cosmetic message: ALARMD_CONNECTION_FAILURE: after 60 attempts craftd connect returned error: Connection refused Product-Group=junos |
MX10003 / MX204 platform doesn't have craftd process but alarmd keeps on retrying to connect to it. As the connection keeps failing, alarmd logs error message for first 10 minutes. Later it keeps re-trying the connection attempt silently and endlessly every one second. Removing this connection attempt from alarmd process for unsupported platforms. |
PR Number | Synopsis | Category: SRX-1RU HA SW defects |
1487951 | If a cluster-id of 16 or multiples of 16 is used the cluster might not come up Product-Group=junos |
When using the SRX4600 firewall in a cluster, if a cluster-id of 16 or multiples of 16 is being used, the cluster might not come up. |
PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
1476786 | Traffic loss may be observed to the LNS subscribers in case the "routing-service" knob is enabled under the dynamic-profile Product-Group=junos |
On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1468663 | JNH memory leaks might be seen after CFM session flap for LSI/VT interfaces Product-Group=junos |
JNH memory leak may be seen when CFM session over the VPLS LSI interface/VT interface flaps if mip-half-function is used. |
1491091 | MAC malformation might happen in a rare scenario under MX-VC setup Product-Group=junos |
On MX-VC setup, if traffic is going through a VCP (virtual chassis port) port and forwarding to an egress port to the destination, while the traffic is handled entirely by the same PFE, MAC malformation might happen. |
PR Number | Synopsis | Category: Trio pfe multicast software |
1478981 | The convergence time for MVPN fast upstream failover might be more than 50ms Product-Group=junos |
On MX platforms which act as Next Generation Mulicast Virtual Private Network (NG-MVPN) Provider Edge (PE) routers, if the hot-root-standby and sender-based-rpf features are configured to enable MVPN fast upstream failover, once the primary multicast flow rate falls below the configured "mvpn hot-root-standby min-rate rate" threshold, the egress PE router is supposed to take switchover action from the primary flows to the backup ones, and the covergence time should be within 50 milliseconds. Due to this issue, the covergence time might be more than 50ms and reach up to several seconds (e.g. 2~3s) in a highly scaled scenario (e.g. the number of the multicast groups undergoing the switchover simultaneously is greater than 250 groups). This will result in more traffic loss than expected. |
PR Number | Synopsis | Category: Configuration mgmt, ffp, load-action, commit processing |
1468119 | Daemons might not be started if "commit" is executed after "commit check" Product-Group=junos |
On Junos from 16.2R1 onwards, if "commit" is executed after "commit check", the daemon (e.g. dhcpd, sampled) might not be started even the related configuration is successfully committed. |
PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
1439805 | When group is applied at non-root level then updating knobs inside the group is not updating hierarchies where it's applied Product-Group=junos |
On all Junos platforms, if a group is applied at non-root level and later some knob from the group is deleted, then change bits are not set for the hierarchy where the group is applied. |
1480348 | TFTP installation from loader prompt may not succeed on the EX series devices Product-Group=junos |
On the EX series platforms with 17.1R1 onwards, software installation from loader prompt may not succeed by using TFTP. |
PR Number | Synopsis | Category: V44 Satellite Device Infra |
1460607 | The dpd crash might be observed on satellite devices in junos fusion enterprise Product-Group=junosvae |
In junos fusion dpd might crash on satellite devices running SNOS. |
PR Number | Synopsis | Category: PTX/QFX10002/8/16 specific software components |
1475871 | Traffic loss might be seen as backup RE takes around 20 seconds to acquire mastership Product-Group=junos |
On the MX10008/10016 platforms, when GRES and NSR are configured, backup RE will take about 20 seconds to acquire mastership after kernel crash on master RE. Due to this long switching time, traffic loss might be seen. Normal RE mastership switchovers are not affected by this issue. |
PR Number | Synopsis | Category: PTX/QFX100002/8/16 platform software |
1464119 | FPC might restart during run time on PTX10K/QFX10K platforms Product-Group=junosvae |
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions. |
PR Number | Synopsis | Category: Virtual Private LAN Services |
1295664 | LSI interface might not be created causing remote MACs not being learnt with error log of "RPD_KRT_Q_RETRIES: ifl iff add: Device busy" Product-Group=junos |
With VPLS being configured, after upgrade to 15.1/16.1/17.x releases, in some circumstances VPLS LSI interface are not correctly created, causing remote MACs not being learnt and L2 VPLS outage. The issue is not reproduced and the code change is not a fix but add a instrumentation using a hidden command 'show vpls ipc-history', which should be captured right away when the issue is seen on latest releases. show vpls ipc-history <<<<< show vpls connections show krt queue show route forwarding-table extensive /var/log/messages |
PR Number | Synopsis | Category: Virtual Router Redundancy Protocol |
1454895 | The VRRP traffic loss is longer than one second for some backup groups after performing GRES Product-Group=junos |
On all Junos OS platforms, configuring VRRP over the AE interface whose member physical interfaces belong to different PFE (packet forwarding engine), some backup VRRP groups traffic loss are observed longer than one second after performing GRES (graceful Routing Engine switchover). As the expectation is that the outage is subsecond. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search