18.3R3-S2: Software Release Notification for JUNOS Software Version 18.3R3-S2

Junos Software service Release version 18.3R3-S2 is now available.
NOTE

Warning: With VPLS/Bridge-Domain environment, an MX/EX9200 Series router with Trio-based MPCs running software version 18.3R3-S2. The MPCs may experience NH memory leak in the PFEs when using integrated routing and bridging (IRB) interface participating in the VPLS/Bridge-domain instance. This causes the MPCs to ran out of memory and restart unexpectedly. There is no workaround.

PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configured with the WAN-PHY framing with the default "hold-down" timer (0). Once you upgrade a router to an affected software release, the interface may flap continuously. This is not applicable to an interface with the default framing - LAN-PHY. [TSB17782]

18.3R3-S2 - List of Fixed issues

PR Number	Synopsis	Category: DOT1X
1462479	EX-4600-EX-4300: Mac entry missing in Ethernet-Switching table for Mac-radius client in server fail scenario when tagged is sent for 2 client Product-Group=junos	In case of server_fail scenario, When tagged traffic is sent for first client MAC learning happen for both data and voice. But for second client on same interface learning happening only for voice. Because vlan is already added for an interface due to first client authentication process.
PR Number	Synopsis	Category: LLDP
1464553	The LLDP packets might get discarded on all Junos platforms Product-Group=junos	On all Junos platforms, the LLDP packet received from any other vendor might get discarded. The issue is seen when there are two location-id in the same packet and the Junos device considers the LLDP packet as duplicate and discards it. This might result in the PoE phone not coming up or neighborship information not getting exchanged.
PR Number	Synopsis	Category: EX4300 PFE
1491348	The traffic destined to VRRP VIP might be dropped after the IRB interface is disabled on the initial VRRP primary Product-Group=junos	On the EX4300 virtual-chassis scenario, the traffic destined to the VRRP Virtual IP Address (VIP) might be dropped on the Virtual-Chassis if the VRRP IRB interface is disabled on the initial VRRP primary. For details, please refer to the following topology and problem description.
PR Number	Synopsis	Category: EX9200 Platform
1467459	The MAC move message may have an incorrect "from" interface when MAC moves rapidly Product-Group=junos	On the EX2300/3400/4300/4600/9200 platform, in some cases, if MAC moves rapidly, traffic might be impacted and the MAC move message might have an incorrect "from" interface.
PR Number	Synopsis	Category: EX2300/3400 platform
1452209	The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured Product-Group=junosvae	On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1452209	The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured Product-Group=junos	On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1467707	FPCs might get disconnected from EX3400 VC briefly after reboot/upgrade Product-Group=junos	On EX3400 Virtual Chassis, during reboot or upgrade, because of a high CPU load in slow path of fxpc, TCP keep alive message is not sent. Hence, it is observed that sometimes a few Virtual Chassis members might get disconnected from the Virtual Chassis briefly and join back in 3-6 minutes.
1477165	EX3400 me0 interface might remain down Product-Group=junos	The me0 interface of EX3400 does not come up when connected to 100m speed interface.
PR Number	Synopsis	Category: MX10008/16 Platform
1420571	"show chassis power" output status doesn't seem right and there are also similar error messages in the syslog after turn off / on power feed Product-Group=junos	After changing the power feed(s), either turn off or turn on, show chassis power outputs do not match real condition and there are also incorrect Syslog information recorded.
PR Number	Synopsis	Category: Hardware Escalation
1426910	Drift messages in ACX2200 which is a PTP hybrid (PTP+syncE) device Product-Group=junos	On ACX2200 configured with PTP+SyncE , backup devices might get impacted due to high PDVs. This is observed through drift messages in the router.
PR Number	Synopsis	Category: Platform-side analytics for QFX
1456282	Telemetry traffic might not be sent out when telemetry server is reachable through different routing-instance Product-Group=junos	On QFX Series switches (except for QFX10000) with Jvision enabled, the telemetry traffic might be locally dropped when the egress interface to the telemetry server is a part of non-default routing-instance.
PR Number	Synopsis	Category: QFX Multichassis Link Aggregrate
1488681	MClag consistency check for multiple irb's configured with same vrrp-group Product-Group=junos	The MClag consistency check fails if the same vrrp-group is used for multiple irb configurations on Local and Remote REs of the MCLAG topology. This change corrects the defect and makes the MClag consistency check to pass.
PR Number	Synopsis	Category: QFX Access control list
1476708	ARP packets are always sent to CPU regardless of whether the storm-control is activated Product-Group=junos	On QFX5K platforms with VXLAN or VLAN scenario, ARP packets are not rate limited by the storm-control settings as the ARP packets will be copied to CPU by VLAN register settings and can be only rate limited by the CPU Queues rate-limit settings (ARP DDOS Queues).
PR Number	Synopsis	Category: QFX PFE L2
1467466	Few MAC addresses might be missing from MAC table in software on QFX5k platform. Product-Group=junos	On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table.
1481031	Connectivity is broken through LAG due to members configured with hold-time and force-up Product-Group=junos	Connectivity through link aggregation group bundle could break after there is a flap event on the physical ports when one physical member interface is configured with hold-time and the other member interface is having LACP force-up feature configured.
1499422	The FPC will go down when 100G link comes up on the network port of the QFX5110-48S device Product-Group=junos	On the QFX5110-48S device running on Junos 19.3R2-S2, 18.2R3-S3 or 18.2R3-S4, the FPC will go down when the 100G link comes up on the network port. This leads to FPC up and down every 90 seconds. During the prolem state running CLI "show chassis fpc detail" will not yield any output for upto 90sec. user@device> show chassis fpc detail. <-------- Empty Once FPC state transition back to online state, the 100G transceivers gets detected and fpc flap is seen again. This behavior is seen continuously as long as 100G transceivers remain connected to the QFX device in question. If 100G interfaces gets disabled from CLI or physically removed from the QFX switch, the FPC flap will no longer be seen. Note: This issue is not applicable when 100G-QSFP is used as a VCP port on QFX5110-48S.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1460791	JDI-RCT : QFX 5100 VC/VCF : Observing Error brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) after ISSU with Mini-PDT base configurations Product-Group=junos	"multicast stats related errors like " brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running)" will be observed during ISSU and these messages are harmless and does not affect multicast functionality".
1475819	Traffic might not be forwarded over ECMP link in EVPN VXLAN scenario Product-Group=junosvae	On QFX5110/QFX5120 platforms, when Traffic Load Balance is used in EVPN VXLAN scenario, traffic might not be forwarded over ECMP link after the ECMP link flapped.
1487707	CPU port queue gets full due to excessive pause frames being received on interfaces, this causes control packets from the CPU to all ports to be dropped. Product-Group=junos	On QFX5000 platforms (QFX5100/QFX5110/QFX5120/QFX5200/QFX5210) with point-to-point multi-link scenario, when the switch ingress buffer saturation happens, all interfaces on multi-link stop sending traffic at the same time.
PR Number	Synopsis	Category: QFX PFE MPLS
1475395	Traffic blackhole might be seen on PE when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface Product-Group=junos	On QFX5K platforms with Layer3 VPN scenario, when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface, the traffic blackhole might be seen on PE. It happens in ECMP scenario.
PR Number	Synopsis	Category: Accounting Profile
1458143	A problem with statistics on some interfaces of a router may be observed after FPC or PIC reboot Product-Group=junos	In some rare scenarios upon FPC or PIC reboot, the pfed (packet forwarding engine daemon) database may not get updated with the correct location_id for some physical interfaces (IFDs), then a problem with statistics on some interfaces of a router may be observed. If this issue happens in the subscriber management environment, and depending on the radius server configuration, it may cause the subscribers to get disconnected by the radius server because of the radius server can not receive the proper statistics update for the subscribers from the pfed.
PR Number	Synopsis	Category: CoS support on ACX
1455722	ACX5048 snmp polling will stalled after the link flap/ sfp replacement and ACX_COS_HALP(acx_cos_gport_sched_set_strict_priority:987): Failed to detach logs will be seen Product-Group=junos	When inserting a SFP, the lowest ifd index available is assigned to the new interface created. During this sfp attach, an ifd-halp entry is also created in cos table for the interface. When SFPs are swapped and SFPs get their IFD index assigned interchanged as that of their old IFDs, issue is observed. As per PFE, the bcm port for the interface remains the same while IFD alone changes when removed and inserted. Hence while creating an ifd-entry for the interface in cos table, it is checked for any old entry still present for same bcm port. But the check done to validate for any old entry is improper. It does not check whether the old ifd index present is still for same bcm port. Due to this check missing, a valid ifd-entry of some other interface is getting deleted in cos table. Introduced the additional validation to ensure the old ifd index of the interface is still for same bcm port. Deleting of old ifd-entry is done only if bcm port of current entry and old ifd entry are same. Also added in existing debug message to display the ifd index which is getting deleted.
PR Number	Synopsis	Category: ACX Services feature
1479710	dcpfe core when disabling/enabling macsec via Toby scripts Product-Group=junos	dcpfe core when disabling/enabling macsec via Toby scripts
PR Number	Synopsis	Category: "agentd" software daemon
1426871	The decoding of telemetry data at collector may not be proper if configuring the sensors Product-Group=junos	On EX and MX platforms, if configuring the sensors to stream data over UDP in static DB, decoding of telemetry data at collector may not be proper.
PR Number	Synopsis	Category: MPC Fusion SW
1463859	The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps Product-Group=junos	If any MIC of MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog for CPU on Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger the MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally the excessive interface flapping won't happen frequently in real world and it may be caused due to external environment. This fix will reduce the impact and prevent the uKern hog when having such conditions.
PR Number	Synopsis	Category: A15 specific issue
1439744	The SPC card might stop on SRX5000 line of devices. Product-Group=junos	On the SRX5400,SRX5600 or SRX5800 platforms with SPC2, the SPC could go into a hung state without processing any traffic.
PR Number	Synopsis	Category: a20a40 specific issue
1479255	The RGx may fail over after RG0 failover in a rare case. Product-Group=junos	On the SRX5000 platforms with SPC3 in use, the RGx (x>0) failover may be observed followed by RG0 failover, this is a timing issue and due to unexpected "hardware timeout" detected by RGx after RG0 failover.
PR Number	Synopsis	Category: a2a10 specific issue
1471524	The flowd and srxpfe process might stop immediately after you commit the jflowv9 configuration or after you upgrade Junos OS to affected releases. Product-Group=junos	On all SRX platforms, if Jflow v9 is configured on the device, the flowd/srxpfe daemon might crash when committing the configuration or after upgrading to affected releases. It might show as a hung state for the device or the device will crash. Affected Releases are 12.3X48-D80 to D95 and 15.1X49-D160 to D200.
PR Number	Synopsis	Category: common or misc area for SRX product
1467376	Physically disconnecting the cable from the fxp0 interface causes hardware monitor failure. Product-Group=junos	On SRX1500 and the SRX4000 line of devices, physically disconnecting the cable from fxp0 interface causes hardware monitor failure and redundancy group failover, when the device is the primary node in a chassis cluster.
PR Number	Synopsis	Category: These are new categories in the areas of PFE
1460209	Loop detection might not work on extended ports in Junos Fusion scenarios Product-Group=junos	In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work.
PR Number	Synopsis	Category: Bi Directional Forwarding Detection (BFD)
1470603	The BFD client session might flap when removing BFD configuration from the peer end (from other vendor) of the BFD session Product-Group=junos	Currently, when a BFD packet with session state set to "AdminDown" is received by Juniper Device, the Juniper device will check both the session state and the diagnostic code in the packet. If the session state is "AdminDown" and the diagnostic code is 7 (which means "diag AdminDown"), the BFD session will be set to "Down" and the BFD client (i.e. the service which is protected by BFD) will be notified with "AdminDown" and the BFD client session will not flap. But if the BFD packet with session state set to "AdminDown" along with diagnostic code other than 7 is received, the BFD client will be notified with "Down" and the BFD client session will flap.
PR Number	Synopsis	Category: Border Gateway Protocol
1414121	QFX5100 : BGP v4/v6 convergence & RIB install/delete time degraded in 19.1R1/19.2R1/19.3R1/19.4R1 Product-Group=junos	BGP IPv4 or IPv6 convergence and RIB install/delete time is degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1.
1473351	Removing cluster from BGP group might cause prolonged convergence time Product-Group=junos	Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss.
1487691	High CPU utilization might be observed when the outgoing BGP updates are sending slowly Product-Group=junos	On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725)
1487893	The process rpd may generate soft cores after "always-compare-med" is configured for BGP path-selection Product-Group=junos	If a manually configured rib-group or automatically generated rib-group (via "family inet labeled-unicast resolve-vpn") is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the process rpd may continuously generate soft cores after "protocols bgp path-selection always-compare-med" is configured.
PR Number	Synopsis	Category: BBE Remote Access Server
1479697	The CoA request may not be processed if it includes "proxy-state" attribute Product-Group=junos	In a subscriber management environment, the CoA requests (such as deactivating/activating subscribers) sent from Radius server will fail if the "proxy-state" attribute is present. This attribute is still unsupported but will now be ignored if it's present in CoA requests.
PR Number	Synopsis	Category: Chotu platform software
1450424	RE-MX2008-X8-128G Secure BIOS Version Mismatch alarms Product-Group=junos	After reboot of the MX2008, can see below alarms:- 2019-07-22 05:07:57 UTC Minor VMHost RE 1 Secure BIOS Version Mismatch 2019-07-22 05:07:53 UTC Minor VMHost RE 0 Secure BIOS Version Mismatch 2019-07-22 05:07:53 UTC Minor Mixed primary and Backup RE types labroot@BRAIN-RE0> show chassis hardware Hardware inventory: Item Version Part number Serial number Description Chassis JN1261F13AFL MX2008 Routing Engine 0 BUILTIN BUILTIN RE-MX2008-X8-128G <<<< 128G Routing Engine 1 BUILTIN BUILTIN RE-MX2008-X8-128G <<<< 128G In certain platforms due to an issue in mfg packaging lastknown bios images are not present in efi_P/efi_S partition.
PR Number	Synopsis	Category: L2NG Access Security feature
1478375	The process dhcpd may crash in a Junos Fusion environment Product-Group=junos	On EX92XX platforms with the DHCP snooping configured, if a peer receives DHCPv6 packets from the server without the "client-id" option present, and it is syncing packets to the other side at that time, then the process dhcpd crash may be observed.
PR Number	Synopsis	Category: Firewall Filter
1478964	The filter may not be installed if the "policy-map xx" is present under it Product-Group=junos	If the "policy-map xx" option is configured under "family mpls" for filters, then the filters may not take effect after committing.
PR Number	Synopsis	Category: DNX platform MPLS FRR features
1485444	ACX5448 L2VPN with interface ethernet-ccc input-vlan-map/output-vlan-map can cause traffic blackhole Product-Group=junos	On the ACX5448 platform, l2vpn application with ethernet-ccc input-vlan-map/output-vlan-map can experience traffic blackhole while the control plane is still up. This issue is a software defect introduced by changes made via PR1456624 in the ethernet-ccc ingress interface. This software defect adds an internal vlan tag to all packets. As a result, customers' desired vlan-tag was not added in ccc->mpls direction. Causing the remote PE -- expecting vlan-tagged traffic -- to drop these packets due to vlan mismatch.
PR Number	Synopsis	Category: Covers Application classification workflows apart from custo
1455465	The traffic loss might occur when application service is configured Product-Group=junosvae	On vSRX3.0 platform, traffic loss might occur when application service is configured.
1455465	The traffic loss might occur when application service is configured Product-Group=junos	On vSRX3.0 platform, traffic loss might occur when application service is configured.
1479684	Recent changes to JDPI's classification mechanism caused a considerable performance regression Product-Group=junos	Recent changes to JDPI's (Juniper Deep Packet Inspection) classification mechanism caused a considerable performance regression (more than 30 percent).
PR Number	Synopsis	Category: Ethernet OAM (LFM)
1396540	V44-CFM: NPC crash @ rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631 Product-Group=junos	As part of the EOAM programming the LM counters are allocated. When an interface is deleted, the EOAM LM counters needs to be cleared. This is done as part of EOAM punt deletion. But there are scenarios where the prog punt delete processing is received, the IFL is deleted in ukern. In this case the EOAM NHs are cleared but the LM counters are not freed. this can cause memory leak in jnh. This issue is seen for a scaled config, repeated addition and deletion of the interface configs when EOAM config is present
PR Number	Synopsis	Category: EVPN control plane issues
1467309	The rpd might crash after changing EVPN related configuration Product-Group=junos	In EVPN scenario without encapsulation type specified (the default EVPN encapsulation type is set to MPLS), if "vlan-id none" and "vni " is configured in EVPN instance, the rpd might crash after changing EVPN related configuration (such as set the encapsulation as vxlan or delete label-allocation scheme).
1490953	The rpd core might be seen when doing RE switchover after disabling BGP protocol globally Product-Group=junos	On EVPN scenario with BGP and routing-instance configured, if BGP protocol is disabled globally and then doing RE switchover, multiple rpd core might be seen. And the rpd does not run on new primary RE. Hence it would affect the traffic and service.
PR Number	Synopsis	Category: EVPN Layer-2 Forwarding
1484296	Dead next-hops might flood in a rare scenario after remote PEs are bounced Product-Group=junos	On all Junos platforms with EVPN-MPLS scenario, due to a timing condition, dead next-hops might flood after remote PEs are bounced. This will affect BUM traffic flooding to remote EVPN PEs.
PR Number	Synopsis	Category: Issues related to EX MACsec
1469663	Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms Product-Group=junos	On EX4600/QFX5100 platforms with Media Access Control Security (MACsec) configured, if there is traffic flowing through the MACsec enabled link, increasing framing errors or runts statistics might be seen in the output of "show interfaces extensive <>" for the affected interface. Traffic loss might also happen due to this issue.
PR Number	Synopsis	Category: Express PFE FW Features
1470385	Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands Product-Group=junos	On PTX1000/PTX3000/PTX5000/PTX10000/PTX9000/QFX10000, sending hostpath traffic and check the ddos statistics might lead to incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
1491575	BFD sessions start to flap when the firewall filter in the loopback0 is changed Product-Group=junos	On all Junos based PTX/QFX10000 series platforms with large filter configuration (e.g. one filter has more than 500 terms or one term has more than 500 filters) scenario, during the change operation of loopback0 filter, the bfd sessions start to flap.
PR Number	Synopsis	Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1445585	Receipt of a malformed packet for J-Flow sampling might create a FPC process core. Product-Group=junos	Receipt of a malformed packet for J-Flow sampling might create a FPC process core.
PR Number	Synopsis	Category: Express PFE L2 fwding Features
1442587	The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb Product-Group=junos	Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact.
PR Number	Synopsis	Category: SRX1500 platform software
1452137	Hardware failure is seen on both nodes in show chassis cluster status. Product-Group=junosvae	On the SRX1500 and SRX4xxx platforms, the management interface fxp0 down triggers a major alarm and cause hardware monitoring in jsrpd.
PR Number	Synopsis	Category: PTX Express ASIC interface
1412126	PTX interface stays down after maintenance Product-Group=junos	On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment.
PR Number	Synopsis	Category: Kernel software for AE/AS/Container
1474300	A newly added LAG member interface might forward traffic even though its micro BFD session is down Product-Group=junos	On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue.
PR Number	Synopsis	Category: Integrated Routing & Bridging (IRB) module
1436924	IRB over VTEP unicast traffic might get dropped on EX9200/MX platforms Product-Group=junos	On EX9200/MX platforms running as Provider Edge (PE) nodes in Ethernet Virtual Private Network (EVPN) and Virtual extension LAN (VxLAN) scenario, if the enhanced-ip mode is enabled for chassis configuration, and the EVPN routing instance is configured with Integrated Routing and Bridging (IRB) interface, the unicast traffic which is sent through IRB over Virtual Tunnel End Point (VTEP) might get dropped since it couldn't get routed towards core network due to this issue. [TSB17770]
1484721	ARP entry may not be created in the EVPN-MPLS environment Product-Group=junos	In the EVPN-MPLS environment, if a VLAN is created without having it in "protocols evpn extended-vlan-list", then adding it, the ARP entry may not be created on the device even it receives the ARP packets through the newly added VLAN.
1484964	VLAN creation failure might be seen on QFX-series platforms with scaled VLAN and L3 configuration Product-Group=junos	On QFX platforms with scaled VLAN and L3-interface configuration setup, when the VLANs are deleted and added back quickly, the newer VLANs might not get created successfully.
PR Number	Synopsis	Category: Adresses ALG issues found in JSF
1483834	FTPS traffic might get dropped on SRX/MX platforms if FTP ALG is used Product-Group=junos	On SRX/MX platforms with FTP ALG enabled, if there are more than one FTPS connection between a pair of FTP client and server, the closure of one connection might cause other connections between that pair of FTP client and server to be affected, hence there might be traffic impact. It is a rare timing issue.
PR Number	Synopsis	Category: Firewall Authentication
1475435	SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637) Product-Group=junos	A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy; Refer to https://kb.juniper.net/JSA11018 for more information.
PR Number	Synopsis	Category: Firewall Network Address Translation
1479824	Issuing the show security nat source paired-address command might return an error. Product-Group=junos	On the SRX series platforms with source NAT configuration, issuing the command "show security nat source paired-address ..." may return an error, which is not expected. It's a corner case, and not reproduced all the time.
PR Number	Synopsis	Category: IPSEC/IKE VPN
1421905	The VPN tunnel might flap when IKE and IPsec rekey happen simultaneously. Product-Group=junos	The VPN tunnel might flap in a corner case scenario (when IKE and IPsec rekey happen simultaneously).
PR Number	Synopsis	Category: Security platform jweb support
1499280	Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services Product-Group=junos	Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number	Synopsis	Category: Issues related to Jflow Jvision Sensors
1477445	Sampling Process may crash when MPLS/MPLS over UDP traffic is sampled Product-Group=junos	When inline-jflow is configured for sampling MPLS traffic, multi-svsc process running on the FPC may crash due to MPLS resend flow referencing to an unavailable memory location. The issue is related only to MPLS traffic profile and has no bearing with any other jflow i.e. IPv4 and v6.
PR Number	Synopsis	Category: PFE infra to support jvision
1456275	Queue data might be missing from path '/interfaces/interface/state' Product-Group=junos	On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic.
PR Number	Synopsis	Category: Layer 2 Circuit issues
1498040	The l2circuit neighbor might be stuck in rd state at one end of MG-LAG peer Product-Group=junos	In MC-LAG scenario, if the l2circuit is configured with primary-neighbor or backup-neighbor over the MC-LAG link and the l2ckt (l2ciruits control daemon for pseudowire) session of the primary-neighbor or backup-neighbor is flapped continuously (such as clear neighbor ldp and ospf etc..,), one of the remote neighbors may be stuck in RD (the remote pseudowire neighbor is down)status due to race condition between VC(virtual circuit)status update timer and L2ckt intf status change timer. Then, that pseudowire might be down, the traffic might be impacted if the RD pseudowire is not up.
PR Number	Synopsis	Category: Layer 2 Control Module
1473610	ERP might not come up properly when MSTP and ERP are enabled on the same interface Product-Group=junos	When both MSTP and ERP are enabled on the same interface, then ERP will not come up properly.
PR Number	Synopsis	Category: Layer2 forwarding on EX/NTF/PTX/QFX
1484468	Packet loss might be observed after device rebooted or l2ald restarted in EVPN-MPLS scenario Product-Group=junos	In EVPN-MPLS scenario, if the core-facing interface (mpls interface) and the CE-facing interface are on different PEs, and the traffic from core is not continuous and DMAC (Dynamic MAC) ages out, due to an incorrect flood next-hop programming across different PFEs, packet loss might be observed after device rebooted or l2ald restarted.
PR Number	Synopsis	Category: mc-ae interface
1447693	The l2ald might fail to update composite NH Product-Group=junos	This is a timing issue where the l2ald receive underlay NH from rpd as part of LSI IFF ADD (VPLS core NH) and creates flood NH. Due to a flap at local IFL or core (VPLS etc.), the l2ald receives multiple LSI IFF Add and Delete in some order. In some sequence where rpd delete underlay NH from Kernel Forwarding table but the l2ald still create flood NH with this underlay NH, because IFF delete is yet to be received at the l2ald, so l2ald might fail to update Composite NH. This is generic L2 issue and can happen without mc-ae.
PR Number	Synopsis	Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1429797	Extended Ukern thread(PFEBM task) priority to support BBE performance tuning Product-Group=junos	Original PFEBM task, which is system-critical for internal network performance/resilience, was running a medium priority; Can see tnp queue errrors by 'show pfebm all' on VCP-bearing FPC when high rate of punt traffic (like ARPs or BGP route updates, etc.) which go through VC links. It needs to run at high priority to assure timely packet handling.
1493699	[subscriber_services] [all] JDI_BBE_REGRESSIONS: DHCP subscribers not coming up as expected after deactivating vcp port Product-Group=junos	In 20.1R1, for MX-VC platforms, setting or deleting a VC port causes other VC ports on the same FPC/MIC slot to bring link state down for a few seconds, possibly interrupting communication with the other member chassis.
PR Number	Synopsis	Category: Multiprotocol Label Switching
1445024	The rpd memory leak might be seen when the inter-domain RSVP LSP is in down state Product-Group=junos	In inter-domain RSVP (Resource Reservation Protocol) LSP (Label-switched Path) scenario, the rpd memory leak might be seen when the CSPF (Constrained Shortest Path First) tries to recompute the path for the "down" LSP which is due to no route or ERO is incorrectly configured. The issue might lead to rpd crash when the rpd is out of memory and results in traffic loss.
1497641	The rpd might crash when SNMP polling is done using OID "jnxMplsTeP2mpTunnelDestTable" Product-Group=junos	In a very rare P2MP with SNMP scenario, if the OID "jnxMplsTeP2mpTunnelDestTable" is polled by SNMP, the rpd (Routing Protocol Daemon) might crash since the relevant value is empty on the device and SNMP can not walk it at that time.
PR Number	Synopsis	Category: build tools
1290089	jcrypto syslog help package and events are not packaged even when errmsg is compiled Product-Group=junos	jcrypto syslog help package and events are not packaged even when errmsg is compiled properly. Several of the KMD help syslog entries are missing
PR Number	Synopsis	Category: FreeBSD Kernel Infrastructure
1439906	FPC might reboot if jlock hog occurs on all Junos VM based platforms Product-Group=junos	On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot.
1483644	Kernel core might be observed if deactivating daemon on EX2300/EX3400 platforms Product-Group=junos	On EX2300/EX3400 platforms, kernel core might be seen intermittently if deactivating the daemon using the wired-memory (Wired-Memory that is not eligible to be swapped and is usually used for Routing Engine memory structures or memory physically locked by a process).
PR Number	Synopsis	Category: "ifstate" infrastructure
1486161	Kernel core might be seen if deleting an ifstate Product-Group=junos	On all Junos platforms, some operations such as configuration change may cause state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and RE (Routing Engine) restart. There is no specific trigger, this issue is reported by the configuration change.
PR Number	Synopsis	Category: Kernel MPLS / Tag / P2MP Infrastructure
1478806	Kernel crash and device restart might happen Product-Group=junos	In a corner case on Junos platform, where the family ccc is configured along with any other existing family within the same interface, like inet, inet6, etc. (basically, Junos never allows to do so, but somehow a customer did it ). And if the family ccc is deleted from the interface, which might cause kernel crash and the device reboot automatically, so all the traffic will be interrupted.
1493053	Backup RE might crash unexpectedly due to a rare timing issue Product-Group=junos	The backup Routing Engine might crash unexpectedly due to a rare timing issue during a route churn in the network.
1493431	BGP session might keep flapping between two directly connected BGP peers because of the wrong TCP-MSS in use Product-Group=junos	In case the two directly connected BGP peers are established over a one-hop LSP, if the IP layer's MTU is smaller than the MPLS layer's MTU, plus the BGP packets from the host have the DF bit set, the BGP session might keep flapping because of the wrong TCP-MSS in use.
PR Number	Synopsis	Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1484689	Show system buffer command display's all zero in the MX104 chassis and it looks like cosmetic issue as there is no service impact reported Product-Group=junos	Corrected the odl tags and buffer data handling while xmlizing the output.
PR Number	Synopsis	Category: Kernel socket data replication issues for protocols that use
1472519	The kernel may crash and vmcore may be observed after configuration change is committed Product-Group=junos	On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure.
PR Number	Synopsis	Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software
1484255	FPC might crash when dealing with invalid next-hops Product-Group=junos	On PTX3000/PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next-hop composed of several unicast next-hops), the FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period.
PR Number	Synopsis	Category: PTX5KBroadway based PFE IPv4, IPv6 software
1479789	Multicast routes add/delete events might cause adjacency and LSPs to go down Product-Group=junos	In PTX5000 platform with (FPC2-PTX-P1A \| FPC-PTX-P1A), or PTX3000 with FPC-SFF-PTX-P1-A, with PIM scenario, The adjacency relationships of routing protocols and LSPs might go down if add/delete some multicast routes (which can be achieved by flapping interface or protocol) ). It is because that though the routes are deleted, its counter for statistic will not be removed from Junos resulting in memory block for counter exhaustion. And due to the exhaustion, any protocols that are sharing the same memory scope might fail to allocate its own counter, which eventually causes protocol adjacency and LSPs to go down. [TSB17747]
PR Number	Synopsis	Category: Layer 3 issues for VMX
1485706	Interface input error counters are not increasing on MX150 Product-Group=junos	The input errors on MX150 may be zero under show interfaces extensive output when there are CRC/Align errors on the interface.
PR Number	Synopsis	Category: Protocol Independant Multicast
1443056	PIM RPF selection for the specific multicast group might get incorrectly applied to other multicast groups Product-Group=junos	On all Junos platforms, changing an RPF interface for a particular multicast group using PIM rpf-selection configuration, might cause other multicast groups to take, a newly changed RPF interface.
PR Number	Synopsis	Category: Issues related to PKI daemon
1489249	Has the risk of service interruption on all SRX platforms with a dual-stacked CA server Product-Group=junos	On all SRX products with Online Certificate Status Protocol (OCSP) or Certificate Revocation List (CRL) configured which belongs to a dual-stacked (IPv4/IPv6) Certificate Authority (CA) server, and if one of the IP addresses gets failure, all the services that rely on it might be interrupted, as Junos only selects the first IP from the DNS response message as the IP of the OCSP or CRL.
PR Number	Synopsis	Category: PTP related issues.
1421811	PTP might not work on MX104 if phy-timestamping is enabled Product-Group=junos	On MX104 platform with any 2-port license installed on 10G interfaces and phy-timestamping enabled in PTP, PTP might not work.
1461031	The PTP function may hog kernel CPU for a long time Product-Group=junos	If the PTP function is configured, the process ppmd may be starved due to the defect that PTP function hog kernel CPU for a long time (>100ms), which can cause the "keep-alive" of the corresponding functions timeout such as ppmd based functions - LFM, BFD.
PR Number	Synopsis	Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1456742	The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted Product-Group=junos	On the QFX5210/QFX5110/QFX5100 platform, the laser is still emitting from 10G SFP+ port even though the interface is disabled or the device is rebooted. It will cause the peer's interface is still up and might impact traffic.
PR Number	Synopsis	Category: QFX Control Plane Kernel related
1421250	A vmcore is seen on QFX VC Product-Group=junos	On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
1421250	A vmcore is seen on QFX VC Product-Group=junosvae	On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
PR Number	Synopsis	Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1409448	The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch Product-Group=junos	When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes.
1419732	"show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image Product-Group=junos	"show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image. This is a display issue. Physical interface: xe-0/0/0, Enabled, Physical link is Down Interface index: 650, SNMP ifIndex: 515 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Link-mode: Auto, Speed: Auto, BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber <<<<<< Here!! Should be "Copper" Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 Link flags : None
1449977	FPC does not restart immediately after rebooting the system. That might cause packet loss Product-Group=junosvae	On QFX10008 and QFX100016 switches, the traffic drop occurs after rebooting the system due to the time delay in rebooting the FPC.
PR Number	Synopsis	Category: QFX platform optics related issues
1457266	QFX5110 QSFP-100GBASE-SR4 made by Avago cannot linkup Product-Group=junos	On QFX5110, interface on QSFP-100GBASE-SR4 whose Xcvr vendor is Avago on the QFX side cannot linkup, FEC errors might be seen on the other side. Note : Do not use 19.3R2-S2, 18.2R3-S3 and 18.2R3-S4 for this fix. The fix causes that FPC will go down when 100G link comes up and this leads FPC up and down every 90 seconds. The fix will work on 19.3R2-S3 and 18.2R3-S5 properly.
PR Number	Synopsis	Category: Filters
1480776	ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario Product-Group=junos	In EVPN-VXLAN environment, when local CE sends ARP request packets for unknown host, the packets will hit firewall-host queue in remote PE. It might trigger DDoS protection policer violations for firewall-host queue hence the ARP request packets might get dropped.
PR Number	Synopsis	Category: QFX L2 PFE
1385954	"CMQFX: Error requesting SET BOOLEAN, illegal setting 66" is generated at booting up. Product-Group=junos	The following log may be generated at booting up. >> Feb 10 02:15:26 jtac-qfx5100-48s-6q-r2373 : %PFE-3: fpc0 CMQFX: Error requesting SET BOOLEAN, illegal setting 66. This is a cosmetic log and you can ignore the log safely.
1454095	Changing the VLAN name associated with access ports may cause that MAC addresses can not be learned under EVPN-VXLAN scenario Product-Group=junos	On the QFX5k platform with EVPN-VXLAN configured, if the VLAN name associated with access ports is changed, then the virtual bridge domain may not be created. Due to this, the MAC addresses will not be learned. This issue will cause traffic loss.
1473685	The RIPv2 packets forwarded across a L2circuit connection might be dropped Product-Group=junos	When RIPv2 routes are received on a QFX5100/EX4600 platforms, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets.
PR Number	Synopsis	Category: QFX MPLS PFE
1474935	L2circuit might fail to communicate via VLAN 2 on QFX5K platforms Product-Group=junos	On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE.
PR Number	Synopsis	Category: QFX VC Infrastructure
1478905	The default VC MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes Product-Group=junos	In QFX5200-32C, QFX5110 VC (Virtual Chassis) scenario, the default VC MAC (Media Access Control) persistence timer is incorrectly set to 20 seconds instead of 20 minutes. If the primary VC member is rebooted, the new primary member starts using its own MAC address as the system's MAC base address after only 20 seconds instead of 20 minutes. This results in issues like OSPF (Open Shortest Path First) stuck in "init" state after the primary VC member reboot.
PR Number	Synopsis	Category: Routing Information Protocol
1485009	The rpd crashes if the same neighbor is set in different RIP groups Product-Group=junos	If the same neighbor is configured under different RIP groups, the commit check fails to capture this invalid configuration and commit can be done successfully. However the rpd will crash.
PR Number	Synopsis	Category: rosen-6 and rosen-7 mvpn bugs
1405887	The CLI command "show pim mdt data-mdt-limit instance " with family option might cause CPU usage of rpd high Product-Group=junos	In draft-rosen MVPN scenario with data-mdt, if performing the CLI command "show pim mdt data-mdt-limit instance ", The output might go in loop and the rpd process might use high CPU.
PR Number	Synopsis	Category: RPD Interfaces related issues
1498992	The rpd might crash when multiple VRFs with 'IFLs link-protection' are deleted at a single time Product-Group=junos	On all Junos platforms with large-scale VRF scenario, the rpd might crash when multiple VRFs with 'routing-options interface IFL link-protection' are deleted via a single commit.
PR Number	Synopsis	Category: RPD policy options
1450123	The rib-group might not process the exported route correctly Product-Group=junos	The rib-group with a policy that matches route next-hop can fail to add the route to the secondary routing table when matched route next-hop is changed to another one and then referred back again after some time. This issue has traffic impact as the exported route will lose in the secondary routing table.
PR Number	Synopsis	Category: show route table commands, tracing, and syslog facilities
1421076	RPD crash might occur when changing prefix list address from IPv4 to IPv6 Product-Group=junos	RPD crash might occur when changing prefix list address from IPv4 to IPv6 Configure IPv4 prefix-list: set policy-options prefix-list PREFIX_LIST 10.0.0.0/24 Configure a policy that has "then next policy" term: set policy-options policy-statement POLICY term PREF from prefix-list PREFIX_LIST set policy-options policy-statement POLICY term PREF then next policy set policy-options policy-statement POLICY term END then reject commit Note: If a terminating action is used for term PREF (such as "then accept"/"then reject") the core does not appear. Change prefix-list using "replace-pattern" [edit policy-options prefix-list PREFIX_LIST] replace pattern 10.0.0.0/24 with 2001:10::/64 commit RPD crash occurs
PR Number	Synopsis	Category: Resource Reservation Protocol
1359087	The FPC might be stuck in 'Ready' state after applying a configuration change that will remove RSVP and trigger FPC restart Product-Group=junos	When 'tunnel-services' is configured under 'chassis fpc <> pic <>', the vt-x/y/z physical interface (IFD) is created for the corresponding FPC. If 'protocols rsvp' is configured, RSVP will create a default vt-x/y/z.u logical interface (IFL) under the corresponding vt-x/y/z IFD. After applying a configuration change that will remove RSVP and trigger FPC restart, the vt-x/y/z.u IFL is not cleaned up due to a code issue. Hence the corresponding vt-x/y/z IFD cannot be cleaned up during the corresponding FPC coming up. The IFD cleaning keeps retrying which cause the corresponding FPC to be stuck in 'Ready' state.
1469567	Fast reroute detour next-hop down event might cause primary LSP down in particular scenario Product-Group=junos	In detour protection scenario (Fast-reroute enabled in LSP) in which the incoming detour LSPs that arrives on the primary next-hop merge with the locally originated detour LSP, sometimes after detour LSP next-hop down event the node incorrectly chooses the primary nhop (next hop) as the detour nhop, as a result it could cause brief traffic loss (a few seconds).
1476773	RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router Product-Group=junos	If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on primary RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact.
PR Number	Synopsis	Category: RPD API infrastructure
1481953	The rpd may crash when executing "show route protocol l2-learned-host-routing" or "show route protocol rift" CLI command on a router Product-Group=junos	On all Junos platforms, executing the CLI command of "show route protocol l2-learned-host-routing" or "show route protocol rift" on a router may cause the rpd crash if there is an active route in bgp.rtarget.0 routing table.
PR Number	Synopsis	Category: jflow/monitoring services
1439630	Sampling might return incorrect ASN for BGP traffic Product-Group=junos	In a BGP scenario with sampling enabled, incorrect ASN (autonomous system number) might be returned for the traffic originated from an internal prefix. This is because some AS paths and routes don't hold the latest information in the message buffers that srrd (sampling route-record daemon) uses to send to the clients.
PR Number	Synopsis	Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1464020	The mspmand might crash when stateful firewall and RPC ALG used on MX platforms with MS-MIC/MS-MPC Product-Group=junos	On MX platforms with MS-MIC/MS-MPC, when stateful firewall is configured with "application junos-dce-rpc-portmap" and RPC ALG is enabled (both Sun RPC and MS-RPC), the mspmand might crash continuously (about every 15 or 20 minutes).
PR Number	Synopsis	Category: MS-MPC Logging on MX
1478972	TCP-log sessions might be in Established state but no logs get sent out to the syslog server Product-Group=junos	When TCP-based syslog is configured under the service-set, the Services PICs will establish the TCP sessions with syslog server. When the networks between the syslog server and the MX/SRX are not stable, TCP retransmit may not work properly and cause the TCP sessions to hang. When issuing "show services tcp-log connections", the TCP sessions are still shown in "Established" state, however, no syslog messages are sent to the syslog server.
PR Number	Synopsis	Category: SRX Argon module bugs
1480005	The flowd or srxpfe process might stop when advanced anti-malware service is used. Product-Group=junos	On all multiple-threads SRX Series devices with Advanced Anti-MalWare service used, in a rare condition that a deadlock might occur among multiple threads, which results in the flowd/srxpfe crash.
PR Number	Synopsis	Category: security-intelligence feature on SRX
1482947	19.2R2:VSRX3.0:SRX-RIAD:ipfd core found at 0x08601e14 in ipid_msg_process (svr=< optimized out>, client_id=< optimized out>, msg=< optimized out>, len=< optimized out>) at ../../../../../../src/pfe-shared/include/jnx/usp/ipid_shared.h:622 Product-Group=junos	If ipfd core happens with similar stack trace, it is likely that PR1482947 applies, it is self-heal, does not need special action, and does not impact production traffic
PR Number	Synopsis	Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1406952	MX10003 / MX204 cosmetic message: ALARMD_CONNECTION_FAILURE: after 60 attempts craftd connect returned error: Connection refused Product-Group=junos	MX10003 / MX204 platform doesn't have craftd process but alarmd keeps on retrying to connect to it. As the connection keeps failing, alarmd logs error message for first 10 minutes. Later it keeps re-trying the connection attempt silently and endlessly every one second. Removing this connection attempt from alarmd process for unsupported platforms.
PR Number	Synopsis	Category: SRX-1RU HA SW defects
1487951	If a cluster-id of 16 or multiples of 16 is used the cluster might not come up Product-Group=junos	When using the SRX4600 firewall in a cluster, if a cluster-id of 16 or multiples of 16 is being used, the cluster might not come up.
PR Number	Synopsis	Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1476786	Traffic loss may be observed to the LNS subscribers in case the "routing-service" knob is enabled under the dynamic-profile Product-Group=junos	On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers.
PR Number	Synopsis	Category: Trio pfe bridging, learning, stp, oam, irb software
1468663	JNH memory leaks might be seen after CFM session flap for LSI/VT interfaces Product-Group=junos	JNH memory leak may be seen when CFM session over the VPLS LSI interface/VT interface flaps if mip-half-function is used.
1491091	MAC malformation might happen in a rare scenario under MX-VC setup Product-Group=junos	On MX-VC setup, if traffic is going through a VCP (virtual chassis port) port and forwarding to an egress port to the destination, while the traffic is handled entirely by the same PFE, MAC malformation might happen.
PR Number	Synopsis	Category: Trio pfe multicast software
1478981	The convergence time for MVPN fast upstream failover might be more than 50ms Product-Group=junos	On MX platforms which act as Next Generation Mulicast Virtual Private Network (NG-MVPN) Provider Edge (PE) routers, if the hot-root-standby and sender-based-rpf features are configured to enable MVPN fast upstream failover, once the primary multicast flow rate falls below the configured "mvpn hot-root-standby min-rate rate" threshold, the egress PE router is supposed to take switchover action from the primary flows to the backup ones, and the covergence time should be within 50 milliseconds. Due to this issue, the covergence time might be more than 50ms and reach up to several seconds (e.g. 2~3s) in a highly scaled scenario (e.g. the number of the multicast groups undergoing the switchover simultaneously is greater than 250 groups). This will result in more traffic loss than expected.
PR Number	Synopsis	Category: Configuration mgmt, ffp, load-action, commit processing
1468119	Daemons might not be started if "commit" is executed after "commit check" Product-Group=junos	On Junos from 16.2R1 onwards, if "commit" is executed after "commit check", the daemon (e.g. dhcpd, sampled) might not be started even the related configuration is successfully committed.
PR Number	Synopsis	Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1439805	When group is applied at non-root level then updating knobs inside the group is not updating hierarchies where it's applied Product-Group=junos	On all Junos platforms, if a group is applied at non-root level and later some knob from the group is deleted, then change bits are not set for the hierarchy where the group is applied.
1480348	TFTP installation from loader prompt may not succeed on the EX series devices Product-Group=junos	On the EX series platforms with 17.1R1 onwards, software installation from loader prompt may not succeed by using TFTP.
PR Number	Synopsis	Category: V44 Satellite Device Infra
1460607	The dpd crash might be observed on satellite devices in junos fusion enterprise Product-Group=junosvae	In junos fusion dpd might crash on satellite devices running SNOS.
PR Number	Synopsis	Category: PTX/QFX10002/8/16 specific software components
1475871	Traffic loss might be seen as backup RE takes around 20 seconds to acquire mastership Product-Group=junos	On the MX10008/10016 platforms, when GRES and NSR are configured, backup RE will take about 20 seconds to acquire mastership after kernel crash on primary RE. Due to this long switching time, traffic loss might be seen. Normal RE mastership switchovers are not affected by this issue.
PR Number	Synopsis	Category: PTX/QFX100002/8/16 platform software
1464119	FPC might restart during run time on PTX10K/QFX10K platforms Product-Group=junosvae	On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions.
PR Number	Synopsis	Category: Virtual Private LAN Services
1295664	LSI interface might not be created causing remote MACs not being learnt with error log of "RPD_KRT_Q_RETRIES: ifl iff add: Device busy" Product-Group=junos	With VPLS being configured, after upgrade to 15.1/16.1/17.x releases, in some circumstances VPLS LSI interface are not correctly created, causing remote MACs not being learnt and L2 VPLS outage. The issue is not reproduced and the code change is not a fix but add a instrumentation using a hidden command 'show vpls ipc-history', which should be captured right away when the issue is seen on latest releases. show vpls ipc-history <<<<< show vpls connections show krt queue show route forwarding-table extensive /var/log/messages
PR Number	Synopsis	Category: Virtual Router Redundancy Protocol
1454895	The VRRP traffic loss is longer than one second for some backup groups after performing GRES Product-Group=junos	On all Junos OS platforms, configuring VRRP over the AE interface whose member physical interfaces belong to different PFE (packet forwarding engine), some backup VRRP groups traffic loss are observed longer than one second after performing GRES (graceful Routing Engine switchover). As the expectation is that the outage is subsecond.

Knowledge Base

18.3R3-S2 - List of Fixed issues