Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.4R2-S4: Software Release Notification for JUNOS Software Version 18.4R2-S4

0

0

Article ID: TSB17785 TECHNICAL_BULLETINS Last Updated: 22 May 2020Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, and VMX
Alert Description:
Junos Software Service Release version 18.4R2-S4 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.4R2-S4 is now available.

NOTE: Know critical issue for EX Series. The Service Release Software for EX Series has been recalled. The issue caused by PR1510224 - Performing "request system zeroize" on an EX may brick the switch [TSB17791]

18.4R2-S4 - List of Fixed issues

PR Number Synopsis Category: L2NG RTG feature
1461293 MAC addresses learned on RTG may not be aged out after aging time
Product-Group=junos
MAC addresses learned on redundant trunk group (RTG) might not be aged out after aging time if the source interface is configured as RTG.
PR Number Synopsis Category: EX4300 PFE
1429964 Unicast arp requests are not replied with "no-arp-trap" option
Product-Group=junos
On EX4300 Series platforms, the unicast arp request received might not be replied if "no-arp-trap" option is configured. This can cause ARP resolutions to fail on remote peer devices.
PR Number Synopsis Category: EX2300/3400 PFE
1428769 A client might fail to get an IP from DHCPv6 Server
Product-Group=junos
In EX2300 platform with DHCPv6 scenario, the client might not successfully obtain an IPv6 address from DHCPv6 Server, if the interface of the EX2300 the client connected with is a trunk port and the VLAN which the client belongs does not enable Neighbor Discover Inspection (NDI) but enabled within other VLANs. They will be stuck in the state of DHCPv6 solicit stage forever, because the NDI is interface-based for EX2300, but is VLAN-based for other EX platforms.
1446844 The traffic might be dropped when a firewall filter rule uses 'then vlan' as the action in a VC scenario
Product-Group=junos
If a firewall filter is configured with the action 'then vlan' in a VC scenario on some specific platforms (e.g., EX2300/EX3400/EX4600/QFX5100...), some of the traffic which matches that filter might be dropped.
1448071 Unicast arp requests are not replied with no-arp-trap option.
Product-Group=junos
When unicast arp request is received by EX3400/QFX5100 switch and it is configured with "set switch-options no-arp-trap option", the arp request may not be replied. This has been fixed and unicast ARP request will be replied even with "set switch-options no-arp-trap option" configuration.
PR Number Synopsis Category: EX2300/3400 platform
1452209 The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured
Product-Group=junosvae
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1477165 EX3400 me0 interface might remain down
Product-Group=junos
The me0 interface of EX3400 does not come up when connected to 100m speed interface.
PR Number Synopsis Category: QFX PFE L2
1441186 MAC learning might not work correctly on QFX5120
Product-Group=junosvae
On QFX5120, after deleting and reapplying configuration multiple times, MAC learning might not work correctly. It is a rare issue.
1467466 Few MAC addresses might be missing from MAC table in software on QFX5k platform.
Product-Group=junos
On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1460791 JDI-RCT : QFX 5100 VC/VCF : Observing Error brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) after ISSU with Mini-PDT base configurations
Product-Group=junos
"multicast stats related errors like " brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running)" will be observed during ISSU and these messages are harmless and does not affect multicast functionality".
1475819 Traffic might not be forwarded over ECMP link in EVPN VXLAN scenario
Product-Group=junosvae
On QFX5110/QFX5120 platforms, when Traffic Load Balance is used in EVPN VXLAN scenario, traffic might not be forwarded over ECMP link after the ECMP link flapped.
1485612 FPC may go to "NotPrsnt" state after upgrading with non-tvp image in VC/VCF setup
Product-Group=junos
On EX4600/QFX5100 platform, there are two types of PIC (Physical Interface Card). The first one is PIC with the integrated PHY capability (called PHYLESS). The second one is PIC with an external PHY capability (called PHY). If VCPs (Virtual Chassis Port) are configured on external PHY capability PIC(s), the FPC(s) might go to "NotPrsnt" state after upgrading with non-tvp image in VC/VCF setup. The affected FPC(s) cannot be used to forwarding traffic.
PR Number Synopsis Category: QFX PFE MPLS
1475395 Traffic blackhole might be seen on PE when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface
Product-Group=junos
On QFX5K platforms with Layer3 VPN scenario, when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface, the traffic blackhole might be seen on PE. It happens in ECMP scenario.
PR Number Synopsis Category: Sflow on QFX 5100,5200, 5110
1449568 Except one AE member link, the other links do not send out sFlow sample packets for ingress traffic
Product-Group=junos
The sFlow sample packets might stop on one aggregated ethernet member link if ingress sFlow is configured on the member link. This might cause inaccurate monitoring on the network traffic.
PR Number Synopsis Category: "agentd" software daemon
1455384 Agentd memory may leak and crash when RPD session closing without releasing memory on PTX or MX
Product-Group=junos
On PTX and MX, agentd memory may leak and crash because its memory leaking happens when the internal communication is broken between agentd and rpd.
PR Number Synopsis Category: common or misc area for SRX product
1467376 Physically disconnecting the cable from the fxp0 interface causes hardware monitor failure.
Product-Group=junos
On SRX1500 and the SRX4000 line of devices, physically disconnecting the cable from fxp0 interface causes hardware monitor failure and redundancy group failover, when the device is the primary node in a chassis cluster.
PR Number Synopsis Category: Junos Fusion Infrastructure
1366106 PoE over LLDP negotiation is not supported on Junos Fusion Enterprise setup
Product-Group=junosvae
PoE (Power over Ethernet) over LLDP (Link Layer Discovery Protocol) negotiation is not supported in Junos Fusion Enterprise (JFE) setup. The issue results in powering up failure when a device makes PoE over LLDP negotiation with the JFE.
PR Number Synopsis Category: These are new categories in the areas of PFE
1460209 Loop detection might not work on extended ports in Junos Fusion scenarios
Product-Group=junos
In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1432440 In BFD and GR enabled scenario, BFD DOWN packets are not being sent immediately after BFD failure
Product-Group=junos
In both GR helper and GR restarter scenarios, BFD down packets are not immediately sent. It might cause an issue where BGP session down is notified before BFD DOWN.
PR Number Synopsis Category: Border Gateway Protocol
1396344 Processing a large scale as-path regex will cause the flap of the route protocols
Product-Group=junos
When 'as-path-group' is configured under BGP, if a configuration with a large scale as-path regex is committed, the route protocols flap might be seen.
1412538 BGP might stuck in Idle state when the peer triggers a GR restart event
Product-Group=junos
When NSR (nonstop-routing) is enabled in local device and BGP GR (Graceful-Restart) is enabled in peer device, if the peer triggers a GR restart (it is usually caused by some failure in peer or the peer restarts rpd, etc), some BGP sessions might stuck in Idle state. The reason is that when the GR restart happens, the device is still doing the initial sync to the backup RE of the previous sessions, so some BGP sessions might stuck in Idle state because the router does not complete the process (the initial sync of the data set to the backup).
1454677 Junos OS and Junos OS Evolved: Invalid BGP UPDATE sent to peer device may cause BGP session to terminate. (CVE-2020-1632)
Product-Group=junos
In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11013 for more information.
1473351 Removing cluster from BGP group might cause prolonged convergence time
Product-Group=junos
Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss.
1487691 High CPU utilization might be observed when the outgoing BGP updates are sending slowly
Product-Group=junos
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725)
PR Number Synopsis Category: BBE Remote Access Server
1474180 Some address relevant fields are missing when executing "test aaa ppp" command
Product-Group=junos
After upgrade software 18.4R2,"test aaa ppp" command output can't see "Client IP Address" field.
PR Number Synopsis Category: PTX Chassis Manager
1462987 PIC may restart if the temperature of QSFP optics is overheated on PTX3K/5K
Product-Group=junos
On PTX3K/5K platform with P3-24-U-QSFP28/P3-15-U-QSFP28/P3-10-U-QSFP28 PIC used, if the temperature of QSFP optics is overheated, the PIC might restart.
PR Number Synopsis Category: MX Platform SW - UI management
1457657 The chassisd process and all FPCs may restart after RE switchover
Product-Group=junos
The chassisd process and all FPCs may restart after RE switchover if the knob "master-only" is enabled.
PR Number Synopsis Category: Device Configuration Daemon
1424770 The demux interfaces will be down after changing the MTU of the underlying et interface
Product-Group=junos
If the et interface is the underlying interface for the demux interfaces, the demux interfaces will be down after changing the MTU (Maximum Transmission Unit) of the underlying et interface. The issue results in services down for these demux interfaces.
1475634 Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options
Product-Group=junos
Commit error is not thrown when member link was added to multiple aggregation group with different interface specific options. When member interface added to bundle with both ether and gig-ether interface specific options, gig-ether option takes precedence over ether options.
PR Number Synopsis Category: Firewall Filter
1450928 The ARP packets are getting dropped by PFE after chassis-control is restarted
Product-Group=junos
If bfd-liveness-detction is enable, chassis-control is performed, in a very rare situation, stale bfd implicit filter causes hostbound arp packet drop. Even if the chassis-control is finished, bgp neighbors still stuck as a result of arp resolution.
1465093 On MX10008 and MX10016 routers policer bandwidth-limit cannot be set higher than 100g
Product-Group=junos
MX10008 and MX10016's "policer bandwidth-limit" can not be set higher than 100G.
PR Number Synopsis Category: EVPN control plane issues
1490953 The rpd core might be seen when doing RE switchover after disabling BGP protocol globally
Product-Group=junos
On EVPN scenario with BGP and routing-instance configured, if BGP protocol is disabled globally and then doing RE switchover, multiple rpd core might be seen. And the rpd does not run on new master RE. Hence it would affect the traffic and service.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1495098 VXLAN bridge domain may lose VTEP logical interface after restarting chassisd
Product-Group=junos
In all Junos platforms with EVPN-VXLAN scenario, VTEP interface might not be installed under the VXLAN bridge domain(BD) after restart process chassisd, which might cause traffic loss. For the reason is that the VTEP physical interface(VTEP IFD) needs to be deleted when the chassisd is restarted, then add back after the restart is completed, and then re-associate VTEP logical interface (VTEP IFL) with corresponding BD. However, the VTEP IFD takes a long time to be added back after restarting. During the absence of IFD, the VTEP IFL will not be recognized by process l2ald. Therefore, it will not be associated with the corresponding VXLAN BD. In this way, even if the VTEP IFD up later does not help, because the whole initialization process has been finished.
1502357 The VXLAN function might be broken due to a timing issue after the change in PR 1495098
Product-Group=junos
After the change in PR 1495098 (currently the affected release is 18.4R3-S2), the VXLAN function might be broken due to a timing issue. It is not recommended to use VXLAN with the affected release.
PR Number Synopsis Category: EX Chassis Interface Handling
1489985 VC ports might go down in mixed-VC set up of QFX5100-24Q-2P/EX4300 and EX4600/EX4300
Product-Group=junos
In mixed-VC set up of QFX5100-24Q-2P/EX4300 and EX4600/EX4300 platforms, Virtual Chassis Ports might remain in downstate and VC split could be detected.
PR Number Synopsis Category: Issues related to EX MACsec
1476719 On EX4300, the output of "show security macsec statisitics" shows high values incorrectly.
Product-Group=junosvae
On EX4300, the output of "show security macsec statisitics" shows high values incorrectly.
PR Number Synopsis Category: Express PFE FW Features
1433259 Cannot change DDOS protocol TTL values under PTX10K
Product-Group=junosvae
Changing DDOS TTL protocols values in PTX10K is not supported.
1452716 Firewall filter applied at interface level might not work when MPLS label is present in certain scenarios
Product-Group=junos
In certain scenarios, if traffic comes to the egress LSR as MPLS packet, firewall filter applied under core facing interface might not work.
1462634 The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms
Product-Group=junos
On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers.
1470385 Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
Product-Group=junos
On PTX1000/PTX3000/PTX5000/PTX10000/PTX9000/QFX10000, sending hostpath traffic and check the ddos statistics might lead to incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1431033 Traceoptions file is exceeding configured file size limit and the file keeps on growing
Product-Group=junos
With 64-bit rpd running and traceoptions configured e.g. for BGP or MPLS statistics etc., the trace files are not rotating/rolling over as per the configured file size limit and the logs continue to be written to a single file continuously.
PR Number Synopsis Category: Optical Transport Interface
1429279 After member interface flapping AE remains down on 5X100GE DWDM CFP2-ACO PIC.
Product-Group=junos
On 5X100GE DWDM CFP2-ACO PIC on PTX series platforms, if any AE member interface flaps, the AE interface might stop receiving the LACP RX packets and fail to come up. It can be recovered by disabling/enabling the AE interface.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1484721 ARP entry may not be created in the EVPN-MPLS environment
Product-Group=junos
In the EVPN-MPLS environment, if a VLAN is created without having it in "protocols evpn extended-vlan-list", then adding it, the ARP entry may not be created on the device even it receives the ARP packets through the newly added VLAN.
1484964 VLAN creation failure might be seen on QFX-series platforms with scaled VLAN and L3 configuration
Product-Group=junos
On QFX platforms with scaled VLAN and L3-interface configuration setup, when the VLANs are deleted and added back quickly, the newer VLANs might not get created successfully.
PR Number Synopsis Category: jdhcpd daemon
1455076 EVPN-VXLAN ERB - dhcp relay-source lo0.1 is not used when enabled with anycast legacy IRB
Product-Group=junos
relay-source knob is now applicable for forward-only subscribers as well.
1496220 Issues with DHCPv6 Relay processing Confirm and Reply packets
Product-Group=junos
When wired DHCPv6 clients change VLAN and an existing DHCPV6 relay binding exists on another VLAN, the DHCPv6 CONFIRM packets from the client may not get processed correctly on the relay resulting in connectivity issues
PR Number Synopsis Category: Firewall Authentication
1475435 SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637)
Product-Group=junos
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy; Refer to https://kb.juniper.net/JSA11018 for more information.
PR Number Synopsis Category: PFE infra to support jvision
1456275 Queue data might be missing from path '/interfaces/interface/state'
Product-Group=junos
On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic.
PR Number Synopsis Category: Layer 2 Control Module
1461236 Explicit Deletion Notification (del_path) Not Received when LLDP Neighbor is Lost as result of disabling local interface on the DuT via CLI (gNMI)
Product-Group=junos
Explicit Deletion Notification (del_path) Not Received when LLDP Neighbor is Lost as result of disabling local interface on the DuT via CLI (gNMI)
1469635 Memory leak on l2cpd process might lead to l2cpd crash
Product-Group=junos
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1484468 Packet loss might be observed after device rebooted or l2ald restarted in EVPN-MPLS scenario
Product-Group=junos
In EVPN-MPLS scenario, if the core-facing interface (mpls interface) and the CE-facing interface are on different PEs, and the traffic from core is not continuous and DMAC (Dynamic MAC) ages out, due to an incorrect flood next-hop programming across different PFEs, packet loss might be observed after device rebooted or l2ald restarted.
PR Number Synopsis Category: Label Distribution Protocol
1436119 Traffic loss might be seen after LDP session flaps rapidly
Product-Group=junos
On MX/PTX platforms under BGP scenario with LDP is enabled, if the knob "ecmp-fast-reroute"/"protect core" is configured, after the LDP session rapidly flaps and converges without any label change, traffic loss might be seen.
1459301 All LDP adjacencies flap after changing ldp preference
Product-Group=junos
When changing the protocol LDP preference, all LDP adjacencies would be bounced, it results in all LDP targeted sessions flapping.
1460292 High CPU usage and rpd coredump might be observed if "ldp track-igp-metric" is configured and IGP metric is changed
Product-Group=junos
If "protocols ldp track-igp-metric" is configured, metric change of IGP route might cause high CPU usage and rpd coredump on the device.
PR Number Synopsis Category: lldp sw on MX platform
1459441 Telemetry streaming of mandatory TLV 'ttl' learnt from LLDP neighbor is missing
Product-Group=junos
Mandatory TLV 'ttl' learnt from LLDP neighbors is not streamed along with other learnt parameters from neighbors
1460347 Multiple leaf's and prefixe's missing when LLDP neighbor added after the streaming started at global level
Product-Group=junos
Many attributes are not notified as part of LLDP on-change event when a new neighbor is learnt
1460621 Support of del_path for the LLDP neighbor change at various levels
Product-Group=junos
LLDP neighbor delete notificaton is supported event for paths /lldp/interfaces/interface/neighbors/neighbor/custom-tlvs/tlvs and /lldp/interfaces/interface/neighbors/neighbor/capabilities/capability
PR Number Synopsis Category: mc-ae interface
1452801 The MC-AE interface flaps after committing any configuration
Product-Group=junos
In Junos Fusion with the MC-AE interface that includes EP (extended-port) configuration scenario, any configuration commit (e.g. system syslog or interface description) may cause the MC-AE interface to flap.
PR Number Synopsis Category: Multiprotocol Label Switching
1416948 RSVP Path error received on a new LSP (new path calculated by CSPF) is not treated as Optimization
Product-Group=junos
The retry timer of a new MPLS LSP is set incorrectly if the LSP receives a PATH Error message while signaling.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1439906 FPC might reboot if jlock hog occurs on all Junos VM based platforms
Product-Group=junos
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot.
1450093 EX4300 : CLI config "on-disk-failure" is not supported
Product-Group=junos
On an EX4300 switch, the CLI configuration "set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt)" is not supported.
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1478806 Kernel crash and device restart might happen
Product-Group=junos
In a corner case on Junos platform, where the family ccc is configured along with any other existing family within the same interface, like inet, inet6, etc. (basically, Junos never allows to do so, but somehow a customer did it ). And if the family ccc is deleted from the interface, which might cause kernel crash and the device reboot automatically, so all the traffic will be interrupted.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1439844 DHCPv6 relay binding is not up when integrated routing and bridging(IRB) interface enabling DHCPv6 Snooping and Neighbor Discovery Inspection (NDI) simultaneously on EX9200
Product-Group=junos
In DHCPv6 relay scenario, when DHCPv6 snooping and NDI enable simultaneously on IRB interface on EX9200, DHCPv6 relay binding is not up.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1484689 Show system buffer command display's all zero in the MX104 chassis and it looks like cosmetic issue as there is no service impact reported
Product-Group=junos
Corrected the odl tags and buffer data handling while xmlizing the output.
PR Number Synopsis Category: Kernel socket data replication issues for protocols that use
1472519 The kernel may crash and vmcore may be observed after configuration change is committed
Product-Group=junos
On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure.
PR Number Synopsis Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software
1484255 FPC might crash when dealing with invalid next-hops
Product-Group=junos
On PTX3000/PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next-hop composed of several unicast next-hops), the FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period.
PR Number Synopsis Category: PTP related issues.
1420335 Resetting the Playback Engine logs are seen on MPC5E
Product-Group=junos
In some scenarios with PTP hybrid mode and MPC5E, continuous Resetting the Playback Engine log message. Playback engine resides inside MPC5E FPGA and it is responsible for maintaining the PTP states corresponding.
1477192 QFX10002-36Q/72Q: Continous Error logs on the device: prds_ptc_wait_adoption_status: PECHIP[1] PTC[1]: timeout on getting adoption valid bit[8] asserted
Product-Group=junosvae
Specific PTP error logs seen on the QFX10002-36Q/72Q switch even though there is no PTP configuration on the device. Errors keeps on occurring every 2 to 4 minutes. Error logs could still appear even after Hard reboot.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1402852 File permissions are changed for /var/db/scripts files after reboot
Product-Group=junosvae
On newer QFX5K switches(QFX5K switch with qfx-5e image), file permissions are changed for /var/db/scripts files after reboot. This can impact scripts running on the box.
1409448 The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch
Product-Group=junos
When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes.
PR Number Synopsis Category: QFX platform optics related issues
1457266 QFX5110 QSFP-100GBASE-SR4 made by Avago cannot linkup
Product-Group=junos
On QFX5110, interface on QSFP-100GBASE-SR4 whose Xcvr vendor is Avago on the QFX side cannot linkup, FEC errors might be seen on the other side. Note : Do not use 19.3R2-S2, 18.2R3-S3 and 18.2R3-S4 for this fix. The fix causes that FPC will go down when 100G link comes up and this leads FPC up and down every 90 seconds. The fix will work on 19.3R2-S3 and 18.2R3-S5 properly.
PR Number Synopsis Category: QFX PFE Class of Services
1476829 QFX Platforms are exhibiting invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0
Product-Group=junos
On QFX Series Switches one may see "invalid PFE PG counter pairs" errors might be displayed as a result of polling class of service-related SNMP OIDs. These messages might eventually lead to interface counters not being populated properly.
PR Number Synopsis Category: Filters
1472206 Egress ACL filter entries will be only 512 in Junos OS Release 19.4R1 on QFX5K
Product-Group=junosvae
On QFX5K platforms with 19.4R1 release, the Egress ACL filter entries will be only 512 instead of 1022. If we configure an Egress PACL/RACL/VACL filter more than 512 terms, the filter might not be installed.
1472206 Egress ACL filter entries will be only 512 in Junos OS Release 19.4R1 on QFX5K
Product-Group=junos
On QFX5K platforms with 19.4R1 release, the Egress ACL filter entries will be only 512 instead of 1022. If we configure an Egress PACL/RACL/VACL filter more than 512 terms, the filter might not be installed.
1480776 ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario
Product-Group=junos
In EVPN-VXLAN environment, when local CE sends ARP request packets for unknown host, the packets will hit firewall-host queue in remote PE. It might trigger DDoS protection policer violations for firewall-host queue hence the ARP request packets might get dropped.
PR Number Synopsis Category: QFX L2 PFE
1439268 LACP state might get stuck in 'Attached' state after disabling peer active members.
Product-Group=junos
When LACP is configured with link protection and force-up on local device and peer device is configured with link protection, disabling the active member on peer device causes LACP state to be stuck in 'attached' state.
1454095 Changing the VLAN name associated with access ports may cause that MAC addresses can not be learned under EVPN-VXLAN scenario
Product-Group=junos
On the QFX5k platform with EVPN-VXLAN configured, if the VLAN name associated with access ports is changed, then the virtual bridge domain may not be created. Due to this, the MAC addresses will not be learned. This issue will cause traffic loss.
1473685 The RIPv2 packets forwarded across a L2circuit connection might be dropped
Product-Group=junos
When RIPv2 routes are received on a QFX5100/EX4600 platform, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets.
1475005 On QFX platforms the system might stop new MAC learning and have impact on layer 2 traffic forwarding
Product-Group=junosvae
On QFX platforms, if there are a lot of MAC moves, the system might stop new MAC learning and lots of old MAC addresses might be stuck and couldn't be aged and deleted. Due to this issue, could have impact on layer 2 traffic forwarding and the customer service.
1475430 There might be traffic drop on QFX5110/5120 switches acting as leaf switch in a multicast environment with VxLAN
Product-Group=junos
In a multicast environment where IGMP-snooping is enabled with VxLAN and QFX5110/5120 switches act as leaf switch, there might be traffic drop as the switch might fail to forward the traffic to Assisted Replicator (AR-replicator)/Spines when BGP is flapped on Spine switch. This is a rare issue noticed when the route installation messages are received out-of-order on leaf switch.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1412873 Part of routes could not be provided into PFE when both IPv4 and IPv6 are used
Product-Group=junos
On EX and QFX platform with both IPv4 and IPv6 used, in rare case, IPv6 routes loading process will be started even IPv4 routes loading process is not finished yet, which causes part of IPv6 routes could not be provided into PFE finally. The issue will also happen if IPv4 routes start to be loaded without IPv6 routes loading finished. At the end, traffic drop will happen due to the lack of routes in PFE.
1493258 Traffic loss could be observed in mixed-VC setup of QFX5100 and EX4300
Product-Group=junos
On QFX5100 & EX4300 platforms, with a mixed-VC scenario there could be traffic loss on the Virtual Chassis port(VCP) when traffic ingress from QFX5100 and egress to EX4300.
PR Number Synopsis Category: QFX MPLS PFE
1474935 L2circuit might fail to communicate via VLAN 2 on QFX5K platforms
Product-Group=junos
On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE.
PR Number Synopsis Category: QFX EVPN / VxLAN
1463939 JDI-RCT : QFX 5100 VC/VCF : Observing Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: while cleanup Evpan-VxLAN configs with Mini-PDT base configurations
Product-Group=junos
On QFX5100, Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: may come while cleanup Evpn-VxLAN configs. These are harmless messages.
PR Number Synopsis Category: QFX VC Infrastructure
1478905 The default VC MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes
Product-Group=junos
In QFX5200-32C, QFX5110 VC (Virtual Chassis) scenario, the default VC MAC (Media Access Control) persistence timer is incorrectly set to 20 seconds instead of 20 minutes. If the master VC member is rebooted, the new master member starts using its own MAC address as the system's MAC base address after only 20 seconds instead of 20 minutes. This results in issues like OSPF (Open Shortest Path First) stuck in "init" state after the master VC member reboot.
PR Number Synopsis Category: KRT Queue issues within RPD
1438597 The rpd crash might be seen during the booting process in certain conditions
Product-Group=junos
The rpd might crash during router boot up due to file pointer issue as there are two code paths that can close the file. We are attempting to close the file without validating the file pointer.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1441550 The rpd may crash or consume 100% of CPU after flapping routes
Product-Group=junos
When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss.
1458595 The rpd crash might be seen if BGP route is resolved over same prefix protocol next-hop in inet.3 table which has both RSVP and LDP routes
Product-Group=junos
In race condition, if BGP route is resolved over same prefix protocol next-hop in inet.3 table which has both RSVP and LDP routes, when the RSVP and LDP routes are flapping (firstly these routes are down and then up), the BGP route will be re-resolved, and then the rpd crash might be seen.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1459384 The rpd memory leak might be observed on backup routing engine due to BGP flap
Product-Group=junos
In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases.
PR Number Synopsis Category: Resource Reservation Protocol
1242558 Stale LSPs might exist if primary LSP goes down immediately after bypass LSP
Product-Group=junos
If the primary link goes down immediately after bypass (for example, FPC containing both primary and bypass, or both primary and bypass FPCs go down simultaneously) such that primary link goes down even before the PLR sends out any path message after bypass down, then the nodes downstream of the PLR along the LSP path will be left with stale LSP state until refresh timeout. This condition will not result in any traffic loss.
1476773 RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router
Product-Group=junos
If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1451474 Priority tagged packets might be dropped with QinQ and native-vlan-id configuration on SRX branches platforms
Product-Group=junos
On SRX-branch platforms, if QinQ and native-vlan-id are configured, priority tagged packets (Priority tagged packets have their VLAN ID set to 0, and their priority code point bits might be configured with a CoS value.) would be dropped. Below is the detail. The newly added configuration "set interface input-native-vlan-push" is not supported by branch SRX. By default, input-native-vlan-push is disabled, which will cause untagged packets ingress from UNI (user-to-network) will not be added with inner tag on egressing out of NNI (network-to-network interface), and the priority only tagged packets ingress from UNI will be stripped of the priority tag when it egresses out of the UNI in the other end. Hence packets drop would be seen.
PR Number Synopsis Category: Stout PF fabric (SFB2)
1461356 Traffic might be impacted because the fabric hardening is stuck
Product-Group=junos
Fabric hardening (FH) is the process of controlling bandwidth degradation to prevent traffic black hole. When FH is processing, if SFB/SCB get failure, FH process will be stuck, which will get traffic lost.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1436832 The device may not be reachable after a downgrade from some releases
Product-Group=junos
It is possible that there are multiple processes try to access CB FPGA concurrently. This can lead to the system hung state immediately after bootup. This fix makes "alarmd" process retries if it failed to gain access to the FPGA. This will prevent alarmd to hang the router during boot-up.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1474231 QSA adapter Lane 0 port might be also brought down when disabling one of the other lanes
Product-Group=junos
When QSA adapter is installed, the Lane 0 port might be also in down state when disabling one of the other lanes (1, 2 or 3) due to the chan number not entertained. It is not expected behaviour and it might affect service.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1478279 FPC memory leak might happen after executing "show pfe route"
Product-Group=junos
On all Junos platforms, if the command "show pfe route " is executed to dump the Packet Forwarding Engine (PFE) routes, and then the routes get deleted by some events, for example, Virtual Routing and Forwarding (VRF) configuration removal or Border Gateway Protocol (BGP) flap, the FPC memory leak might happen due to this issue. In large scaled scenario, the memory leak will increase by large amount which might be more easier to cause FPC crash.
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus)
1478959 SSH login may hang and the TACAS plus server closes the connection without sending any authentication failure response
Product-Group=junos
On all Junos platforms, the SSH login session may hang if Junos device is sending an authentication request to the TACACS plus server with an incorrect secret and the TACAS plus server closes the connection without sending any authentication response.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1479803 The SLAX script may be lost after upgrading software
Product-Group=junos
From 15.1 onwards with event script, commit script or op script configured, the SLAX script might be lost after a software upgrade, this might cause the Junos full config cannot be loaded.
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1468119 Daemons might not be started if "commit" is executed after "commit check"
Product-Group=junos
On Junos from 16.2R1 onwards, if "commit" is executed after "commit check", the daemon (e.g. dhcpd, sampled) might not be started even the related configuration is successfully committed.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1423500 Configuration commit might fail when the file system gets into full state
Product-Group=junos
On all Junos platforms, when the file system gets into full state and there is no enough spare disk space, it might get into a problematic system condition in some corner case while doing configuration commit. After that, if consecutive commits are still done in such a problematic status, commit-check failure logs might be seen eventually. Due to this issue, some processes might be not running even if its configuration is present.
1464439 The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface
Product-Group=junos
If a netconf session is initiated over an inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function.
1465171 Commit script does not apply changes in private mode unless a commit full is performed
Product-Group=junos
Commit script does not apply changes in private mode unless a commit full is performed.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1409585 The port at FPC(e.g. JNP10K-LC1101) might fail to come up
Product-Group=junos
On rare occasions, the port at FPC(e.g. JNP10K-LC1101) might fail to come up due to the retimer initialization failure upon the FPC reboot/OIR and a QSFP OIR.
1420864 PF Core Voltage is not set as per the required e-fuse value and remains to the default value (0.9V) on JNP10008-SF and JNP10016-SF
Product-Group=junosvae
Certain JNP10008-SF and JNP10016-SF manufactured between July 2018 and March 2019 might have an incorrect core voltage setting. The issue can be corrected by reprogramming the core voltage and updating the setting in NVRAM memory.
1450090 "Power supplies" LED on the status panel stays green while one or more PEMs have FAULT LED turned on
Product-Group=junosvae
"Power supplies" LED on the status panel stays green while one or more PEMs have FAULT LED turned on due to expected feed missing
1452604 PLL errors might be seen after FPC reboot or restart
Product-Group=junos
On MX10008/MX10016 platforms, when FPC reboot or restart by any means, PLL_CMERROR_MPC_LMK04906_WAN_LD and PLL_CMERROR_MPC_LMK04906_WAN_LOS errors might be seen shortly after the FPC comes back online.
1471679 ARP suppression (default enabled) in EVPN not working on MX10008/MX10016 line cards.
Product-Group=junosvae
If MX10008 or MX10016 function as provider edge (PE) devices in an Ethernet VPN-MPLS (EVPN-MPLS) or Layer 3 VXLAN gateways in an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) environment, ARP suppression is enabled by default, when the ARP expires on any the CPE's, it sends out an ARP REQ broadcast message, this should be suppressed by the PE(MX10008/MX10016). However, ARP broadcast received on MX10008/MX10016 seems to flood.
1475871 Traffic loss might be seen as backup RE takes around 20 seconds to acquire mastership
Product-Group=junos
On the MX10008/10016 platforms, when GRES and NSR are configured, backup RE will take about 20 seconds to acquire mastership after kernel crash on master RE. Due to this long switching time, traffic loss might be seen. Normal RE mastership switchovers are not affected by this issue.
PR Number Synopsis Category: PTX/QFX100002/8/16 platform software
1464119 FPC might restart during run time on PTX10K/QFX10K platforms
Product-Group=junos
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions.
PR Number Synopsis Category: Virtual Private LAN Services
1295664 LSI interface might not be created causing remote MACs not being learnt with error log of "RPD_KRT_Q_RETRIES: ifl iff add: Device busy"
Product-Group=junos
With VPLS being configured, after upgrade to 15.1/16.1/17.x releases, in some circumstances VPLS LSI interface are not correctly created, causing remote MACs not being learnt and L2 VPLS outage. The issue is not reproduced and the code change is not a fix but add a instrumentation using a hidden command 'show vpls ipc-history', which should be captured right away when the issue is seen on latest releases. show vpls ipc-history <<<<< show vpls connections show krt queue show route forwarding-table extensive /var/log/messages
PR Number Synopsis Category: ZT pfe l3 forwarding issues
1474160 An MPC11 crash might occur on MX2K platform using multi-dimensional advanced scale configuration having Inline Keep Alive Sessions
Product-Group=junos
On an MX2k platform, in a rare scenario, after loading a complex multiple dimensional configuration with scaled Inline KA sessions, an MPC11 crash might occur due to transient condition of change and add of Inline Keep alive sessions.
 

18.4R2-S4 - List of Known issues

PR Number Synopsis Category: MX10008/16 Platform
1420571 "show chassis power" output status doesn't seem right and there are also similar error messages in the syslog after turn off / on the power feed
Product-Group=junos
After changing the power feed(s), either turn off or turn on, show chassis power outputs do not match real condition and there are also incorrect Syslog information recorded.
PR Number Synopsis Category: QFX Access control list
1476708 ARP packets are always sent to CPU regardless of whether the storm-control is activated
Product-Group=junos
On QFX5K platforms with VXLAN or VLAN scenario, ARP packets are not rate limited by the storm-control settings as the ARP packets will be copied to CPU by VLAN register settings and can be only rate limited by the CPU Queues rate-limit settings (ARP DDOS Queues).
PR Number Synopsis Category: QFX PFE L2
1359031 TPI-52277:"Targeted-broadcast forward-only" does not broadcast the traffic.
Product-Group=junos
TPI-52277: The "Targeted-broadcast forward-only" command does not broadcast the traffic.
1455654 EVPN-VXLAN: New Tenant addition and deletion leading to INTRAVNI traffic drop for few milliseconds.
Product-Group=junos
On QFX5120, during new tenant addition, there may be few transient packet drops (2 - 15 pkts) for couple of random intra-vni traffic streams in a EVPN-VXLAN topology for the existing tenants. The drop is almost negligible and is auto recovered.
1499422 The FPC will go down when 100G link comes up on the network port of the QFX5110-48S device
Product-Group=junos
On the QFX5110-48S device running on Junos 19.3R2-S2, 18.2R3-S3 or 18.2R3-S4, the FPC will go down when the 100G link comes up on the network port. This leads to FPC up and down every 90 seconds. During the prolem state running CLI "show chassis fpc detail" will not yield any output for upto 90sec. user@device> show chassis fpc detail. <-------- Empty Once FPC state transition back to online state, the 100G transceivers gets detected and fpc flap is seen again. This behavior is seen continuously as long as 100G transceivers remain connected to the QFX device in question. If 100G interfaces gets disabled from CLI or physically removed from the QFX switch, the FPC flap will no longer be seen. Note: This issue is not applicable when 100G-QSFP is used as a VCP port on QFX5110-48S.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1433884 JDI-RCT: EVPN-VXLAN NON-COLLAPSED: Traffic loss observed during longevity runs
Product-Group=junos
Adjust DDOS Value appropriately
PR Number Synopsis Category: QFX VC Datapath
1490552 QFX5K VC : ddos violations happened on backup are not reported to RE
Product-Group=junos
On QFX5K VC, ddos violations happened on backup are not reported to RE
PR Number Synopsis Category: ACX Services feature
1479710 dcpfe core when disabling/enabling macsec via Toby scripts
Product-Group=junos
dcpfe core when disabling/enabling macsec via Toby scripts
PR Number Synopsis Category: Border Gateway Protocol
1391084 Race condition causes all the BGP sessions to flap after NSR switchover
Product-Group=junos
With GRES and NSR enabled, if executing switchover, in very rare cases, all the BGP session might flap because of a race condition.
1403186 All the BGP session flap after RE switchover
Product-Group=junos
With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover.
1446383 The BGP route prefixes are not being advertised to the peer
Product-Group=junos
In the graceful-restart and delay-route-advertisements are configured scenario, when a BGP router is waiting for the End-Of-Rib message from the upstream BGP peer, the received corresponding set of NLRI (network layer reachability information) might be held in the Rib-Out and not being sent to the downstream BGP peers. This issue will cause the route update failure.
1454198 The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down
Product-Group=junos
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps.
1466709 BGP peers might flap if the parameter of hold-time sets small
Product-Group=junos
On all Junos platforms with BGP enabled, the hold timer is still running when the session is to processing BGP updates to peers, but the keepalive messages which BGP peer sends might be skipped. If the BGP updates in handling cannot be completed within the hold timer (e.g., manually sets the hold-time to 3s), the BGP peer flaps might be observed.
1481589 The rpd process might crash with BGP multipath and route withdraw occasionally
Product-Group=junos
In BGP multipath scenario on all Junos platforms, if original active/best BGP multipath routes got flapped occasionally, some routes, which are changed from best routes to alternative now, are removed from the BGP multipath route list, but its multipath flag are not cleared, due to some temporarily incorrect route reorder in BGP. And when the currently active route got withdrawn for some reason, and the original best routes again become the best routes then rpd might hit an assert and crash.
PR Number Synopsis Category: dhcpd daemon
1471161 DHCP relay with forward-only might fail to send OFFER messages when DHCP client is terminated on logical tunnel interface
Product-Group=junos
On all Junos platforms, when DHCP relay is configured with forward-only, and DHCP client is terminated on logical tunnel interface that multiple IFLs under this lt- interface have a same VLAN, DHCP relay might fail to send OFFER messages.
PR Number Synopsis Category: Express PFE CoS Features
1452013 "show cos scheds-per-pfe" and "show cos pfe-scheduler-ifds" pfe commands will restart forwarding planes on QFX10008 switches
Product-Group=junos
Without this fix, "show cos scheds-per-pfe" and "show cos pfe-scheduler-ifds" PFE cli will cause the forwarding plan to restart on QFX10008 switches. See also PR1449645
PR Number Synopsis Category: Express PFE FW Features
1426539 The host-bound traffic might be dropped after performing change configuration related to prefix-list
Product-Group=junos
On PTX1K/10K, PTX3K/5K with FPC3 or QFX10K series, if the prefix entries configured in prefix-list exceeds the limit what the Packet Forwarding Engine (PFE) chipset supports, some unexpected behavior might be observed (e.g. the host-bound traffic drops) after performing change operation related to the prefix-list configuration (e.g. add a prefix to prefix-list which is associated with filter).
1432116 The FPC might crash when a firewall filter is modified
Product-Group=junos
In QFX10K/PTX series platforms, if a firewall filter with multiple match conditions is configured on interfaces which are Up and the firewall filter is modified (either a new action is added or the condition is added/removed etc.), the FPC might crash and restart. It might affect the service/traffic.
PR Number Synopsis Category: Express pfe Mclag
1488166 Traffic getting dropped on doing ifd deactivate/activate trigger with mclag configurations on QFX10002
Product-Group=junos
Traffic getting dropped on doing ifd deactivate/activate trigger with mclag configurations on QFX10002
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1418192 The rpd process may crash if restarting the rpd or deactivating "logical-system"
Product-Group=junos
The rpd process might generate a core file when the user intentionally restarts the rpd or deactivates logical-system.
1472643 Performing back-to-back rpd restarts might cause rpd to crash
Product-Group=junos
On all Junos platforms, after performing back-to-back rpd restarts, rpd might crash. The rpd core may be observed after a timeout of 10 mins.
PR Number Synopsis Category: Flow Module
1465944 Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)
Product-Group=junos
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Refer to https://kb.juniper.net/JSA11014 for more information.
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: Layer 2 Control Module
1473610 ERP might not come up properly when MSTP and ERP are enabled on the same interface
Product-Group=junos
When both MSTP and ERP are enabled on the same interface, then ERP will not come up properly.
PR Number Synopsis Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1493699 [subscriber_services] [all] JDI_BBE_REGRESSIONS: DHCP subscribers not coming up as expected after deactivating vcp port
Product-Group=junos
In 20.1R1, for MX-VC platforms, setting or deleting a VC port causes other VC ports on the same FPC/MIC slot to bring link state down for a few seconds, possibly interrupting communication with the other member chassis.
PR Number Synopsis Category: Multiprotocol Label Switching
1282369 The rpd on backup RE might crash when the rpd on master RE restarts
Product-Group=junos
With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart.
1439251 Traffic blackholing after the LSP protection link on Huawei transit router goes down
Product-Group=junos
In RSVP with protection scenario, if the transit router is from Huawei, the LSP might go in stuck state and the MPLS traffic gets blackholed for 15s-20s after both the main and protected path on Huawei transit router go down.
1457681 The rpd crash may be observed with traceoption enabled in MPLS
Product-Group=junos
On all Junos platforms, If the traceoption is enabled in MPLS and SNMP polling is going on, and during route lookup match a given route which one is neither router next-hop nor chain next-hop, then rpd crash may be observed. The rpd crash may cause all the routing protocols adjacencies to be reestablished.
PR Number Synopsis Category: Neo Interface
1453433 Interfaces shutdown by 'disable-pfe' action might not be up using MIC offline/online command
Product-Group=junos
On the MX platform, the MPC wedge might cause 'disable-pfe' action. The 'disable-pfe' action will shutdown interfaces to avoid traffic blackholing. MIC bouncing (offline/online) operation will bring WAN interfaces up causing traffic blackholing. Restoring the PFE entity upon disable-pfe action needs an MPC restart.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1437302 The next-hop MAC address in the output from "show route forwarding-table" command might be wrong
Product-Group=junos
Cosmetic problem cli display of wrong next hop mac address in show route forwarding-table command.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1463802 The scheduled tasks might not be executed if "cron" daemon goes down without restart automatically
Product-Group=junos
The service utility "cron" runs in the background and regularly checks /etc/crontab for tasks to execute and searches /var/cron/tabs for custom crontab files. These files are used to schedule tasks which "cron" runs at the specified times. "cron" daemon is started during boot. If for some reason, the "cron" process exits, the scheduled tasks will not be executed. "cron" was not restarted automatically and had to be started manually.
PR Number Synopsis Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software
1131797 PTX not tunneling certain types of L2 packets into L2circuit connection.
Product-Group=junos
When a PTX Series router is used as a PE router for L2circuit connections, there are certain Layer 2 related protocols like LACP, LLDP , or STP that will not get tunneled in to the L2circuit path by the PTX Series. Instead of tunneling the packets into the L2circuit path, the PTX Series will punt them to the Routing Engine, causing the packets to not reach the other end of the L2circuit. Packets like ARP work fine. The PTX Series chipset performs a classification on the affected L2 packets and sends it to the Routing Engine instead of pushing in through the MPLS tunnel in L2circuit scenarios.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1456742 The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted
Product-Group=junos
On the QFX5210/QFX5110/QFX5100 platform, the laser is still emitting from 10G SFP+ port even though the interface is disabled or the device is rebooted. It will cause the peer's interface is still up and might impact traffic.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1465302 The physical interface of AE (Aggregated Ethernet) might take time to come up after disable/enable
Product-Group=junos
On Junos platforms, the physical interface of AE might come up after a long delay (4 mins) if there are millions of bgp routes learnt on the device. This delay is happening because PFE Manager thread is busy processing the routing updates from RE. These routing updates are the result of AE interface going down at the first step of disabling the interface.
PR Number Synopsis Category: QFX ISSU Infrastructure
1438690 ISSU might fail on QFX5200 platforms
Product-Group=junosvae
Unified ISSU might fail from 17.2X75-D43.2 to some target versions on QFX5200 platforms. And dcpfe crash might be seen.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1387098 Traffic loss may be observed due to switch modular failure on CB
Product-Group=junos
On QFX10008/QFX10016/PTX10008/PTX100016 platforms, traffic loss might be observed because of switch modular failure on the Control Board (CB). This failure further causes all SIBs to be marked as faulty and causes FPCs to restart until Routing Engine switchover occurs.
1480149 JDI-RCT: Mini-PDT-IPCLOS: LBCM-L2,pfe_shm_vrf_hw_token_map_add(),4987:MHOP pfe_shm_vrf_hw_token_map_add parameters are wrong error observed after loading baseconfig
Product-Group=junos
LBCM-L2,pfe_shm_vrf_hw_token_map_add(),4987:MHOP pfe_shm_vrf_hw_token_map_add parameters are wrong error observed after loading baseconfig
PR Number Synopsis Category: QFX access control list
1487679 QFX5100: If more than one UDF filter/term is configured, then only the first filter/term will be programmed in H/w. This is due to SDK 6.5.16 upgrade.
Product-Group=junos
QFX5100: If more than one UDF filter/term is configured, then only the first filter/term will be programmed in H/w. This is due to SDK 6.5.16 upgrade.
PR Number Synopsis Category: QFX L2 PFE
1417546 uRPF in strict mode doesn't work on QFX 5110 and QFX 5120
Product-Group=junos
On QFX5110 and QFX5120 platforms, uRPF check in strict mode might not work properly.
PR Number Synopsis Category: QFX MPLS PFE
1387559 Err log of 'nh_unilist_update_weight:2541NH: Failed to inc re-route counters for nh' shown in vty mode
Product-Group=junos
Error logs are expected when routes point to the target next hop, which in turn point to hold next hops. These error logs are present for a short time. Later, when the next hop changes from a hold next hop to valid next hop, unilist next hops will be walked again and updated with the appropriate weight and reroute counters, and no more error logs will be seen.
PR Number Synopsis Category: MPC7/8/9 Kernel or ukernel SW issues
1471006 Syslog message : "fpcX user.notice logrotate: ALERT exited abnormally with [1]" pops at 04:02:01
Product-Group=junos
The below logrotate ALERT message is logged everyday at 04:02:01.000. Oct 15 04:02:01.000 mx2020-re0 : %PFE-5: fpc8 user.notice logrotate: ALERT exited abnormally with [1] Oct 21 04:02:01.000 mx2020-re0 : %PFE-5: fpc8 user.notice logrotate: ALERT exited abnormally with [1] Oct 23 04:02:01.000 mx2020-re0 : %PFE-5: fpc8 user.notice logrotate: ALERT exited abnormally with [1]
PR Number Synopsis Category: RPD Interfaces related issues
1443238 The BGP session is failed to be established when remote side initiates connection and firewall filter used to decapsulate BGP packets from GRE tunnel
Product-Group=junos
The BGP session establishing over the GRE (Generic Routing Encapsulation) tunnel will be failed when the router receives the BGP packets encapsulated as GRE and uses the firewall filter action to decapsulate GRE header.
PR Number Synopsis Category: KRT Queue issues within RPD
1446320 ,The rpd process might crash when it is terminated immediately after it has been started
Product-Group=junos
When the rpd process is terminated immediately after it has been started, the rpd process might crash due to a race condition.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1242589 In a BGP/MPLS scenario, if the next-hop type of label route is indirect, disabling and enabling the "family mpls" of the next-hop interface might cause the route to go into a dead state
Product-Group=junos
In a BGP or MPLS scenario, if the next-hop type of label route is indirect, then the following changing events about the next-hop interface MPLS family might cause the route to be in DEAD state, and the route will remain dead even when the family MPLS is again activated. The following events occur: Deactivating and activating the interface family mpls Deleting and adding back the interface family mpls Changing maximum labels for the interface Note: When a labelled route is resolved over an interface, that interface must have family mpls configured for the route to be successfully resolved. Otherwise the route does not get resolved.
1460786 IPv6 Prefix might be hidden when received over IPv4 BGP session
Product-Group=junos
When labeled-IPv6 and non-labeled IPV6 prefixes are received with the same protocol nexthop and the outgoing interface does not have MPLS family enabled, the IPv6 non-labeled route will be in inactive state and remains in hidden state.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1431227 IPv6 aggregate routes are hidden
Product-Group=junos
IPv6 aggregate routes get hidden in the routing table until the rpd is restarted in some rare situations.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1421076 RPD crash might occur when changing prefix list address from IPv4 to IPv6
Product-Group=junos
RPD crash might occur when changing prefix list address from IPv4 to IPv6 Configure IPv4 prefix-list: set policy-options prefix-list PREFIX_LIST 10.0.0.0/24 Configure a policy that has "then next policy" term: set policy-options policy-statement POLICY term PREF from prefix-list PREFIX_LIST set policy-options policy-statement POLICY term PREF then next policy set policy-options policy-statement POLICY term END then reject commit Note: If a terminating action is used for term PREF (such as "then accept"/"then reject") the core does not appear. Change prefix-list using "replace-pattern" [edit policy-options prefix-list PREFIX_LIST] replace pattern 10.0.0.0/24 with 2001:10::/64 commit RPD crash occurs
PR Number Synopsis Category: Resource Reservation Protocol
1442789 The backup LSP Path messages are rejected if the bypass tunnel path is an inter-area LSP
Product-Group=junos
With a protected LSP configured with strict hops, if a bypass tunnel for the protected LSP happens to be an inter-area LSP (the bypass tunnel destination is on a node behind the ABR along the bypass tunnel path), then the backup LSP Path messages generated by the Point of Local Repair (PLR) are encoded incorrectly causing the Merge Point (MP) to reject the backup LSP Path messages.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1441816 Egress stream flush failure and traffic blackhole might occur
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, and MPC9E cards.
PR Number Synopsis Category: Stout cards (MPC8, MPC9) fabric issues
1395591 MPC9E throughput degradation after offline SFB2 on MX2008
Product-Group=junos
On MX2008 routers with MPC9E, in a line rate traffic with a redundant SFB2 scenario, if you offline one redundant SFB2, there might be tail or sometimes WRED drops in MPC9E, resulting in partial traffic loss. Under normal circumstances, the SFBs should be auto-failover if one of them fails, and there should be only a few packets dropped momentarily.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1472222 JDI-RCT:M/Mx: Linecard Errors found at HALP-trinity_nh_dynamic_mcast_add_irb_topo:3520 snooping-error: invlaid IRB topo/ IRB ifl zero in l2 nh 40495 add IRB
Product-Group=junos
Linecard Errors found at HALP-trinity_nh_dynamic_mcast_add_irb_topo:3520 snooping-error: invlaid IRB topo/ IRB ifl zero in l2 nh 40495 add IRB
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1432724 Output traffic statistics might be incorrect with RE generated traffic
Product-Group=junos
Statistics of traffic generated by the Routing Engine on the MX platform might be incorrect. The 'Output bytes' counter is off by 6 bytes per packet for outbound traffic going out of MPC1E/2E/2E-NG/3E/3E-NG/4E/5E/6E interfaces. The same issue is not seen on the TurboTx path with linux based FPCs (e.g. MPC7E/8E/9E and PTX FPC3).
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1341650 While downgrading a JunOS platform from a later release, the router goes into amnesiac state.
Product-Group=junos
While downgrading a JunOS platform from a later release, the box goes into amnesiac state with error below during system boot up. Creating initial configuration: ... mgd: error: commit-script mgd: error: could not open translation script: /var/db/scripts/translation/openconfig-policy.slax: No such file or directory mgd: error: 1 error reported by translation scripts mgd: error: translation script failure Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors.
1455960 Multiple daemons may crash on committing configuration changes related to groups
Product-Group=junos
If the knob 'persist-groups-inheritance' is enabled, when an user executes a 'delete' operation (delete the entire configuration) and selects 'no', later when the user tries to commit the configuration changes related to 'groups', multiple daemons might crash.
PR Number Synopsis Category: Issues related to Logging/Tracing, errmsg, eventd infrastruc
1380764 EX2200 traceoption stop writing to log file
Product-Group=junos
In a rare case, where trace files are not properly closed by the OS, traceoption logs might stop writing to a log file.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1450090 "Power supplies" LED on the status panel stays green while one or more PEMs have FAULT LED turned on
Product-Group=junos
"Power supplies" LED on the status panel stays green while one or more PEMs have FAULT LED turned on due to expected feed missing
1471679 ARP suppression (default enabled) in EVPN not working on MX10008/MX10016 line cards.
Product-Group=junos
If MX10008 or MX10016 function as provider edge (PE) devices in an Ethernet VPN-MPLS (EVPN-MPLS) or Layer 3 VXLAN gateways in an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) environment, ARP suppression is enabled by default, when the ARP expires on any the CPE's , it sends out an ARP REQ broadcast message , this should be suppressed by the PE(MX10008/MX10016). However, ARP broadcast received on MX10008/MX10016 seems to flooded.
PR Number Synopsis Category: VMHOST platforms software
1438219 Upgrading will fail due to communication failure between Junos VM and Host OS
Product-Group=junos
Communication between the host OS and Junos VM may occur where initial log message is lost or ignored allowing the system to remain in this state until identified when issuing show vmhost CLI commands. This PR adds a chassis alarm that remains present until the communication between the host OS and Junos VM is restored through system reboot (request vmhost reboot).
Modification History:
First publication 2020-05-14
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search