Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.1R3-S10: Software Release Notification for JUNOS Software Version 18.1R3-S10

0

0

Article ID: TSB17792 TECHNICAL_BULLETINS Last Updated: 26 May 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, PTX, MX, QFX, vMX, vRR, SRX, vSRX
Alert Description:
Junos Software Service Release version 18.1R3-S10 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.1R3-S10 is now available.

18.1R3-S10 - List of Fixed issues

PR Number Synopsis Category: Software build tools (packaging, makefiles, et. al.)
1417345 The JSU package installation may fail
Product-Group=junos
In a specific scenario, the JSU (Junos OS selective upgrade) package installation on a router which has JET (Juniper Extension Toolkit) package installed may fail due to "Operation not permitted" error. This issue does not impact service and traffic.
PR Number Synopsis Category: DOT1X
1462479 EX-4600-EX-4300: Mac entry missing in Ethernet-Switching table for Mac-radius client in server fail scenario when tagged is sent for 2 client
Product-Group=junos
In case of server_fail scenario, When tagged traffic is sent for first client MAC learning happen for both data and voice. But for second client on same interface learning happening only for voice. Because vlan is already added for an interface due to first client authentication process.
PR Number Synopsis Category: LLDP
1464553 The LLDP packets might get discarded on all Junos platforms
Product-Group=junos
On all Junos platforms, the LLDP packet received from any other vendor might get discarded. The issue is seen when there are two location-id in the same packet and the Junos device considers the LLDP packet as duplicate and discards it. This might result in the PoE phone not coming up or neighborship information not getting exchanged.
PR Number Synopsis Category: EX4300 PFE
1428124 VIP might not forward the traffic if VRRP is configured on an AE interface
Product-Group=junos
On EX4300 platform with VRRP configured on an AE interface, if the VIP address is different than the interface address, VIP address might not forward the traffic destined to the AE interface and not respond to ICMP request.
1491348 The traffic destined to VRRP VIP might be dropped after the IRB interface is disabled on the initial VRRP primary
Product-Group=junos
On the EX4300 virtual-chassis scenario, the traffic destined to the VRRP Virtual IP Address (VIP) might be dropped on the Virtual-Chassis if the VRRP IRB interface is disabled on the initial VRRP primary. For details, please refer to the following topology and problem description.
PR Number Synopsis Category: EX9200 Platform
1467459 The MAC move message may have an incorrect "from" interface when MAC moves rapidly
Product-Group=junos
On the EX2300/3400/4300/4600/9200 platform, in some cases, if MAC moves rapidly, traffic might be impacted and the MAC move message might have an incorrect "from" interface.
PR Number Synopsis Category: EX2300/3400 PFE
1369678 Virtual Chassis split followed by fxpc core file might occur upon scaling VLAN members
Product-Group=junos
Virtual Chassis split followed by fxpc core might occur when configuring more than 4000 VLANs, with each VLAN having more than 16 members.
1434646 Packet drop might be seen if native VLAN is configured along with flexible VLAN tagging
Product-Group=junos
When the native VLAN is configured along with the flexible VLAN tagging on a L3 subinterface, untagged packets might be dropped on that L3 subinterface.
PR Number Synopsis Category: EX2300/3400 platform
1452209 The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured
Product-Group=junos
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1452209 The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured
Product-Group=junosvae
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1467707 FPCs might get disconnected from EX3400 VC briefly after reboot/upgrade
Product-Group=junos
On EX3400 Virtual Chassis, during reboot or upgrade, because of a high CPU load in slow path of fxpc, TCP keep alive message is not sent. Hence, it is observed that sometimes a few Virtual Chassis members might get disconnected from the Virtual Chassis briefly and join back in 3-6 minutes.
1477165 EX3400 me0 interface might remain down
Product-Group=junos
The me0 interface of EX3400 does not come up when connected to 100m speed interface.
PR Number Synopsis Category: Hardware Escalation
1426910 Drift messages in ACX2200 which is a PTP hybrid (PTP+syncE) device
Product-Group=junos
On ACX2200 configured with PTP+SyncE , backup devices might get impacted due to high PDVs. This is observed through drift messages in the router.
PR Number Synopsis Category: Platform-side analytics for QFX
1456282 Telemetry traffic might not be sent out when telemetry server is reachable through different routing-instance
Product-Group=junos
On QFX Series switches (except for QFX10000) with Jvision enabled, the telemetry traffic might be locally dropped when the egress interface to the telemetry server is a part of non-default routing-instance.
PR Number Synopsis Category: DHCP related Issues
1467182 Few of DHCP INFORM packets specific to particular VLAN might be taking the wrong resolve Queue
Product-Group=junos
On QFX5K/EX4600 with DHCP relay scenario, if DHCPv4/v6 packets are coming over irb interface, few of DHCP INFORM packets specific to particular VLAN might be taking the wrong resolve Queue which is not expected.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1488681 MClag consistency check for multiple irb's configured with same vrrp-group
Product-Group=junos
The MClag consistency check fails if the same vrrp-group is used for multiple irb configurations on Local and Remote REs of the MCLAG topology. This change corrects the defect and makes the MClag consistency check to pass.
PR Number Synopsis Category: QFX Access control list
1476708 ARP packets are always sent to CPU regardless of whether the storm-control is activated
Product-Group=junos
On QFX5K platforms with VXLAN or VLAN scenario, ARP packets are not rate limited by the storm-control settings as the ARP packets will be copied to CPU by VLAN register settings and can be only rate limited by the CPU Queues rate-limit settings (ARP DDOS Queues).
PR Number Synopsis Category: QFX PFE L2
1467466 Few MAC addresses might be missing from MAC table in software on QFX5k platform.
Product-Group=junos
On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table.
1481031 Connectivity is broken through LAG due to members configured with hold-time and force-up
Product-Group=junos
Connectivity through link aggregation group bundle could break after there is a flap event on the physical ports when one physical member interface is configured with hold-time and the other member interface is having LACP force-up feature configured.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1437943 The IPv4 fragmented packets might be broken if PTP transparent clock is configured
Product-Group=junos
When Precision Time Protocol (PTP) transparent clock is enabled, PTP adds the residence time to the Correction Field of the PTP packets as they pass through the device. On QFX5K platforms with PTP transparent clock enabled, the IPv4 fragmented packets of UDP datagram might be broken by PTP in some rare scenario, and the corrupted packets will be discarded by system. This issue has traffic impact.
1460791 JDI-RCT : QFX 5100 VC/VCF : Observing Error brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) after ISSU with Mini-PDT base configurations
Product-Group=junos
"multicast stats related errors like " brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running)" will be observed during ISSU and these messages are harmless and does not affect multicast functionality".
1485612 FPC may go to "NotPrsnt" state after upgrading with non-tvp image in VC/VCF setup
Product-Group=junos
On EX4600/QFX5100 platform, there are two types of PIC (Physical Interface Card). The first one is PIC with the integrated PHY capability (called PHYLESS). The second one is PIC with an external PHY capability (called PHY). If VCPs (Virtual Chassis Port) are configured on external PHY capability PIC(s), the FPC(s) might go to "NotPrsnt" state after upgrading with non-tvp image in VC/VCF setup. The affected FPC(s) cannot be used to forwarding traffic.
1487707 CPU port queue gets full due to excessive pause frames being received on interfaces, this causes control packets from the CPU to all ports to be dropped
Product-Group=junos
On QFX5000 platforms (QFX5100/QFX5110/QFX5120/QFX5200/QFX5210) with point-to-point multi-link scenario, when the switch ingress buffer saturation happens, all interfaces on multi-link stop sending traffic at the same time.
PR Number Synopsis Category: QFX PFE MPLS
1475395 Traffic blackhole might be seen on PE when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface
Product-Group=junos
On QFX5K platforms with Layer3 VPN scenario, when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface, the traffic blackhole might be seen on PE. It happens in ECMP scenario.
PR Number Synopsis Category: MPC Fusion SW
1463859 The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps
Product-Group=junos
If any MIC of type MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog for CPU on Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger the MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally the excessive interface flapping won't happen frequently in the real-world and it may be caused due to the external environment. This fix will reduce the impact and prevent the uKern hog when having such conditions. The fix for this issue causes a regression as documented in TSB17782 and PR1508794 which affects interfaces with "WAN-PHY" framing.
PR Number Synopsis Category: a2a10 specific issue
1471524 The flowd and srxpfe process might stop immediately after you commit the jflowv9 configuration or after you upgrade Junos OS to affected releases.
Product-Group=junos
On all SRX platforms, if Jflow v9 is configured on the device, the flowd/srxpfe daemon might crash when committing the configuration or after upgrading to affected releases. It might show as a hung state for the device or the device will crash. Affected Releases are 12.3X48-D80 to D95 and 15.1X49-D160 to D200.
PR Number Synopsis Category: These are new categories in the areas of PFE
1460209 Loop detection might not work on extended ports in Junos Fusion scenarios
Product-Group=junos
In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work.
PR Number Synopsis Category: BBE Resource monitoring related issues
1431566 Subscribers coming from new IFDs might not login in due to 512 entries limit in the subscriber-limit table.
Product-Group=junos
On MX platforms, in subscriber management scenario, if the 512 entries are exhausted in the subscriber-limit table, the subscribers which come from new IFDs might not login in.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1470603 The BFD client session might flap when removing BFD configuration from the peer end (from other vendor) of the BFD session
Product-Group=junos
Currently, when a BFD packet with session state set to "AdminDown" is received by Juniper Device, the Juniper device will check both the session state and the diagnostic code in the packet. If the session state is "AdminDown" and the diagnostic code is 7 (which means "diag AdminDown"), the BFD session will be set to "Down" and the BFD client (i.e. the service which is protected by BFD) will be notified with "AdminDown" and the BFD client session will not flap. But if the BFD packet with session state set to "AdminDown" along with diagnostic code other than 7 is received, the BFD client will be notified with "Down" and the BFD client session will flap.
PR Number Synopsis Category: Border Gateway Protocol
1403186 All the BGP session flap after RE switchover
Product-Group=junos
With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover.
1414121 QFX5100 : BGP v4/v6 convergence & RIB install/delete time degraded in 19.1R1/19.2R1/19.3R1/19.4R1
Product-Group=junos
BGP IPv4 or IPv6 convergence and RIB install/delete time is degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1.
1437837 The rpd process crash might be observed if leaking multi-pathed BGP routes from routing-instance to another routing table
Product-Group=junos
This issue applies to Junos platforms with BGP multipath configured under a routing-instance and a RIB group is deployed to leak routes from that routing-instance to another routing table. "rpd" may restarts unexpectedly when performing multipath calculation operations for the secondary routes - (such as, removing the rib-groups/bouncing BGP neighbor under routing-instance.) The secondary routes refer to the second RIB in a RIB (Routing Information Base) group.
1461602 The rpd scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup
Product-Group=junos
In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event.
1472671 The rpd process might crash with BGP multipath and damping configured
Product-Group=junos
On all Junos platforms running with Border Gateway Protocol (BGP), if both BGP multipath and BGP damping are configured, it might happen that, when the active route, for example r1, is withdrawn but it is not really deleted due to damping, then BGP might be unable to find its original gateway when the route r1 is relearned and becomes the best route again. It will lead to the rpd process crash.
1473351 Removing cluster from BGP group might cause prolonged convergence time
Product-Group=junos
Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss.
1482551 The rpd might be crashed after BGP peer flapping
Product-Group=junos
On all Junos platforms, with BGP long-lived graceful restart (LLGR) or BGP route dampening configuration, The rpd might be cored after BGP peer flapping. This is a day-1 issue.
1487691 High CPU utilization might be observed when the outgoing BGP updates are sending slowly
Product-Group=junos
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725)
1487893 The process rpd may generate soft cores after "always-compare-med" is configured for BGP path-selection
Product-Group=junos
If a manually configured rib-group or automatically generated rib-group (via "family inet labeled-unicast resolve-vpn") is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the process rpd may continuously generate soft cores after "protocols bgp path-selection always-compare-med" is configured.
PR Number Synopsis Category: BBE Remote Access Server
1479697 The CoA request may not be processed if it includes "proxy-state" attribute
Product-Group=junos
In a subscriber management environment, the CoA requests (such as deactivating/activating subscribers) sent from Radius server will fail if the "proxy-state" attribute is present. This attribute is still unsupported but will now be ignored if it's present in CoA requests.
PR Number Synopsis Category: Captive Portal, Content Delivery Daemon, and Service Plugin
1445382 The cpcdd process might crash continuously if the captive-portal-content-delivery service is activated for dual-stack PPPoE/DHCPv6 subscriber. Basically issue can occur when multiple add request for same subscriber and same IFL.
Product-Group=junos
On MX platforms running with subscriber-management enabled, if the single client connection of Point-to-Point Protocol over Ethernet (PPPoE) dual-stacked with Dynamic Host Configuration Protocol version 6 (DHCPv6) is established, and then the captive-portal-content-delivery (CPCD) service is activated for both PPPoE and DHCPv6 sessions, the cpcdd process might crash continuously and stop working due to this issue. Basically issue can occur when multiple add request for same subscriber and same IFL.
PR Number Synopsis Category: L2NG Access Security feature
1478375 The process dhcpd may crash in a Junos Fusion environment
Product-Group=junos
On EX92XX platforms with the DHCP snooping configured, if a peer receives DHCPv6 packets from the server without the "client-id" option present, and it is syncing packets to the other side at that time, then the process dhcpd crash may be observed.
PR Number Synopsis Category: OpenSSH and related subsystems
1454177 SSH login might fail if a user account exists in both local database and RADIUS/TACACS+.
Product-Group=junos
SSH login from an automation tool to the Junos device might not be successful if the username is configured both as a local user and on remote RADIUS/TACACS server, and using authentication method 'password'.
PR Number Synopsis Category: Device Configuration Daemon
1457460 Mismatched MTU value causes the RLT interface to flap
Product-Group=junos
In Redundant Logical Tunnel (RLT) with any dynamic protocols that rely on this interface scenario, when performing a "commit full" operation, which might cause the protocol to get flapping if MTU is configured at IFD level of the RLT. Due to the mismatch MTU value calculated by DCD and Kernel that triggers the IFD flapping, and then the protocols flapping.
PR Number Synopsis Category: dhcpd daemon
1471161 DHCP relay with forward-only might fail to send OFFER messages when DHCP client is terminated on logical tunnel interface
Product-Group=junos
On all Junos platforms, when DHCP relay is configured with forward-only, and DHCP client is terminated on logical tunnel interface that multiple IFLs under this lt- interface have a same VLAN, DHCP relay might fail to send OFFER messages.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1455465 The traffic loss might occur when application service is configured
Product-Group=junos
On vSRX3.0 platform, traffic loss might occur when application service is configured.
1455465 The traffic loss might occur when application service is configured
Product-Group=junosvae
On vSRX3.0 platform, traffic loss might occur when application service is configured.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1421589 bbemg_smgd_lock_cli_instance_db should not log as error messages
Product-Group=junos
The "bbemg_smgd_lock_cli_instance_db: lock/unlock failed" messages are harmless and should not be considered as error:
PR Number Synopsis Category: Ethernet OAM (LFM)
1396540 V44-CFM: NPC crash @ rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631
Product-Group=junos
As part of the EOAM programming the LM counters are allocated. When an interface is deleted, the EOAM LM counters needs to be cleared. This is done as part of EOAM punt deletion. But there are scenarios where the prog punt delete processing is received, the IFL is deleted in ukern. In this case the EOAM NHs are cleared but the LM counters are not freed. this can cause memory leak in jnh. This issue is seen for a scaled config, repeated addition and deletion of the interface configs when EOAM config is present
PR Number Synopsis Category: EVPN control plane issues
1399371 When committing a configuration for a VLAN adding to an EVPN instance and an AE interface respectively the newly added VLAN interface count might be zero (0) in that bridge domain
Product-Group=junos
On all MX-Series platforms with EVPN supported, when committing a configuration for a VLAN adding to an EVPN instance and an AE interface respectively the newly added VLAN interface count might be zero (0) in that bridge domain and causes all the traffic in that VLAN to be blocked. However, if the two configurations are committed all together in one time, the interface count will be the correct number right after the committing.
1467309 The rpd might crash after changing EVPN related configuration
Product-Group=junos
In EVPN scenario without encapsulation type specified (the default EVPN encapsulation type is set to MPLS), if "vlan-id none" and "vni " is configured in EVPN instance, the rpd might crash after changing EVPN related configuration (such as set the encapsulation as vxlan or delete label-allocation scheme).
1482790 The ESI of IRB interfaces does not update after autonomous-system number change if the interface is down
Product-Group=junos
On EX, QFX and MX platforms, Ethernet Segment Identifier (ESI) of IRB interfaces does not update after autonomous-system number change when IRB interface is in DOWN state.
1490953 The rpd core might be seen when doing RE switchover after disabling BGP protocol globally
Product-Group=junos
On EVPN scenario with BGP and routing-instance configured, if BGP protocol is disabled globally and then doing RE switchover, multiple rpd core might be seen. And the rpd does not run on new primary RE. Hence it would affect the traffic and service.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1498023 The l2ald memory leak may be observed in any EVPN scenario
Product-Group=junos
In any EVPN scenario (e.g. active-active multi-homing mode, active-standby multi-homing mode, EVPN-VxLAN, or EVPN-MPLS), the l2ald (Layer 2 Address Learning Daemon) memory may slowly come up when the local CE or core face interfaces continuously flap. If the memory of l2ald is exhausted, it will cause the l2ald to crash.
PR Number Synopsis Category: Issues related to EX MACsec
1469663 Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms
Product-Group=junos
On EX4600/QFX5100 platforms with Media Access Control Security (MACsec) configured, if there is traffic flowing through the MACsec enabled link, increasing framing errors or runts statistics might be seen in the output of "show interfaces extensive <>" for the affected interface. Traffic loss might also happen due to this issue.
PR Number Synopsis Category: Express PFE FW Features
1462634 The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms
Product-Group=junos
On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers.
1470385 Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
Product-Group=junos
On PTX1000/PTX3000/PTX5000/PTX10000/PTX9000/QFX10000, sending hostpath traffic and check the ddos statistics might lead to incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
1491575 BFD sessions start to flap when the firewall filter in the loopback0 is changed
Product-Group=junos
On all Junos based PTX/QFX10000 series platforms with large filter configuration (e.g. one filter has more than 500 terms or one term has more than 500 filters) scenario, during the change operation of loopback0 filter, the bfd sessions start to flap.
PR Number Synopsis Category: SRX1500 platform software
1402242 Unable to access to SRX Series devices if messages kern.maxfiles limit exceeded by uid 65534, please see tuning(7) are seen.
Product-Group=junos
On SRX platforms (except SRX5400,SRX5600,SRX5800) the messages "kern.maxfiles limit exceeded by uid 65534, please see tuning(7)" may appear on console or on messages log, then management access to the device is impossible.
1403727 Throughput or latency performance of all traffic drops when TCP traffic is passing through the device.
Product-Group=junos
On vSRX, SRX1500, SRX4100,SRX4200 and SRX4600 platforms, when TCP Traffic is passing through the device for a certain period, throughput performance of all traffic is dropped about two thirds and latency performance of all traffic is increased up to around 20 ms.
1438445 The flowd process stops and generates core files.
Product-Group=junos
On vSRX, SRX100, SRX110, SRX210, SRX220, SRX240, SRX300, SRX320, SRX340, SRX345, SRX550, SRX650, and SRX1500 devices, and the SRX4000 line of devices, in a rare condition, the flowd process goes into a dead loop and then stops. This might cause traffic loss.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1472643 Performing back-to-back rpd restarts might cause rpd to crash
Product-Group=junos
On all Junos platforms, after performing back-to-back rpd restarts, rpd might crash. The rpd core may be observed after a timeout of 10 mins.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1390367 Traffic destined to VRRP VIP gets dropped as filter is not updated to related logical interface
Product-Group=junos
On MX platform with enhanced-ip and VRRP configured, if remove/add a child link from AE bundles, traffic destined to VRRP VIP might be dropped.
1474300 A newly added LAG member interface might forward traffic even though its micro BFD session is down
Product-Group=junos
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue.
PR Number Synopsis Category: Optical Transport Interface
1429279 After member interface flapping AE remains down on 5X100GE DWDM CFP2-ACO PIC.
Product-Group=junos
On 5X100GE DWDM CFP2-ACO PIC on PTX series platforms, if any AE member interface flaps, the AE interface might stop receiving the LACP RX packets and fail to come up. It can be recovered by disabling/enabling the AE interface.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1484721 ARP entry may not be created in the EVPN-MPLS environment
Product-Group=junos
In the EVPN-MPLS environment, if a VLAN is created without having it in "protocols evpn extended-vlan-list", then adding it, the ARP entry may not be created on the device even it receives the ARP packets through the newly added VLAN.
PR Number Synopsis Category: jdhcpd daemon
1431201 The jdhcpd_era log files constantly consume 121M of space out of 170M, resulting into file system full and traffic impact
Product-Group=junos
On EX platforms with service dhcp enabled, the jdhcpd_era log files constantly consume 121M of space out of 170M, resulting into file system full and traffic impact. Memory usage of /var/log/ will reach 100%.
1435039 DHCP request might get dropped in a DHCP relay scenario
Product-Group=junos
In DHCP relay scenario, if the device (DHCP relay) receives a request packet with option 50 where the requested IP address matches the IP address of an existing subscriber session, such request packet would be dropped. In such a case the subscriber may need more time to get IP address assigned. The subscriber may remain in this state until it's lease expires if it has previously bound with the address in the option 50.
1496220 Issues with DHCPv6 Relay processing Confirm and Reply packets
Product-Group=junos
When wired DHCPv6 clients change VLAN and an existing DHCPV6 relay binding exists on another VLAN, the DHCPv6 CONFIRM packets from the client may not get processed correctly on the relay resulting in connectivity issues
PR Number Synopsis Category: Adresses ALG issues found in JSF
1483834 FTPS traffic might get dropped on SRX Series or MX Series platforms if FTP ALG is used
Product-Group=junos
On SRX Series or MX Series platforms with FTP ALG enabled, if there are more than one FTPS connection between a pair of FTP client and server, the closure of one connection might cause other connections between that pair of FTP client and server to be affected, hence there might be traffic impact. It is a rare timing issue.
PR Number Synopsis Category: Firewall Authentication
1475435 SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637)
Product-Group=junos
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy; Refer to https://kb.juniper.net/JSA11018 for more information.
PR Number Synopsis Category: Flow Module
1406210 The flowd process stops and all cards are brought offline.
Product-Group=junos
On all SRX platforms, in a rare condition, the flowd process might crash if there is a route change for IPSec tunnel traffic and the traffic does not go through the tunnel after reroute. This issue might cause all cards off.
PR Number Synopsis Category: Firewall Network Address Translation
1479824 Issuing the show security nat source paired-address command might return an error
Product-Group=junos
On the SRX series platforms with source NAT configuration, issuing the command "show security nat source paired-address ..." may return an error, which is not expected. It's a corner case, and not reproduced all the time.
PR Number Synopsis Category: Firewall Policy
1414319 Memory leak in nsd prevents change from taking effect.
Product-Group=junos
In some case, changing configuration might trigger memory leak in the nsd daemon. It is possible committed configuration change will not take effect.
PR Number Synopsis Category: User Firewall related issues
1499090 Don't use capital characters for source-identity when using "show security match-policies" cmd.
Product-Group=junos
When using "show security match-policies" cmd to match a policy with source-identity configured, only the non-capital source-identity name can be matched by policy.
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: Layer 2 Circuit issues
1498040 The l2circuit neighbor might be stuck in RD state at one end of MG-LAG peer
Product-Group=junos
In MC-LAG scenario, if the l2circuit is configured with primary-neighbor/backup-neighbor over the MC-LAG link and the l2ckt (l2ciruits control daemon for pseudowire) session of the primary-neighbor/backup-neighbor is flapped continuously (such as clear neighbor ldp and ospf etc), one of the remote neighbors may be stuck in RD (the remote pseudowire neighbor is down) state due to race condition between VC (virtual circuit) state update timer and L2ckt intf state change timer. Then, that pseudowire might be down, the traffic might be impacted if the RD pseudowire is not up.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1406691 Some interfaces of AE bundle might go to the detached state after the bulk configurations change on QFX5K platforms
Product-Group=junos
On QFX5000 platforms with scaled setup of the aggregated Ethernet (ae) bundles and VLANs, if Link Aggregation Control Protocol (LACP) is enabled, and there are scaled configuration changes, for example, delete 4000 VLANS/VXLANs and reapply them again, some interfaces of ae bundle might go to the detached state. Due to this issue, the running routing protocols (for example, LACP and BGP) will go down over the affected ae bundles.
1484468 Packet loss might be observed after device rebooted or l2ald restarted in EVPN-MPLS scenario
Product-Group=junos
In EVPN-MPLS scenario, if the core-facing interface (mpls interface) and the CE-facing interface are on different PEs, and the traffic from core is not continuous and DMAC (Dynamic MAC) ages out, due to an incorrect flood next-hop programming across different PFEs, packet loss might be observed after device rebooted or l2ald restarted.
PR Number Synopsis Category: mc-ae interface
1447693 The l2ald might fail to update composite NH
Product-Group=junos
This is a timing issue where the l2ald receive underlay NH from rpd as part of LSI IFF ADD (VPLS core NH) and creates flood NH. Due to a flap at local IFL or core (VPLS etc.), the l2ald receives multiple LSI IFF Add and Delete in some order. In some sequence where rpd delete underlay NH from Kernel Forwarding table but the l2ald still create flood NH with this underlay NH, because IFF delete is yet to be received at the l2ald, so l2ald might fail to update Composite NH. This is generic L2 issue and can happen without mc-ae.
PR Number Synopsis Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1429797 Extended Ukern thread(PFEBM task) priority to support BBE performance tuning
Product-Group=junos
Original PFEBM task, which is system-critical for internal network performance/resilience, was running a medium priority; Can see tnp queue errrors by 'show pfebm all' on VCP-bearing FPC when high rate of punt traffic (like ARPs or BGP route updates, etc.) which go through VC links. It needs to run at high priority to assure timely packet handling.
1493699 [subscriber_services] [all] JDI_BBE_REGRESSIONS: DHCP subscribers not coming up as expected after deactivating vcp port
Product-Group=junos
In 20.1R1, for MX-VC platforms, setting or deleting a VC port causes other VC ports on the same FPC/MIC slot to bring link state down for a few seconds, possibly interrupting communication with the other member chassis.
PR Number Synopsis Category: Multiprotocol Label Switching
1465902 The device may use the local-computed path for the PCE-controlled LSPs after link/node failure
Product-Group=junos
In a Path Computation Element Communication Protocol (PCEP) scenario where the link/node protection is enabled, the PCE-controlled LSPs may shift to the local-computed path after link/node failure upon path retry processing.
1497641 The rpd might crash when SNMP polling is done using OID "jnxMplsTeP2mpTunnelDestTable"
Product-Group=junos
In a very rare P2MP with SNMP scenario, if the OID "jnxMplsTeP2mpTunnelDestTable" is polled by SNMP, the rpd (Routing Protocol Daemon) might crash since the relevant value is empty on the device and SNMP can not walk it at that time.
PR Number Synopsis Category: Multicast for L3VPNs
1460625 The rpd process might crash due to memory leak in "MVPN RPF Src PE" block
Product-Group=junos
In NG-MVPN scenario with multiple multicast sources, the rpd process might crash due to memory leak in "MVPN RPF Src PE" block.
PR Number Synopsis Category: build tools
1290089 jcrypto syslog help package and events are not packaged even when errmsg is compiled
Product-Group=junos
jcrypto syslog help package and events are not packaged even when errmsg is compiled properly. Several of the KMD help syslog entries are missing
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1439906 FPC might reboot if jlock hog occurs on all Junos VM based platforms
Product-Group=junos
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot.
PR Number Synopsis Category: "ifstate" infrastructure
1486161 Kernel core might be seen if deleting an ifstate
Product-Group=junos
On all Junos platforms, some operations such as configuration change may cause state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and RE (Routing Engine) restart. There is no specific trigger, this issue is reported by the configuration change.
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1478806 Kernel crash and device restart might happen
Product-Group=junos
In a corner case on Junos platform, where the family ccc is configured along with any other existing family within the same interface, like inet, inet6, etc. (basically, Junos never allows to do so, but somehow a customer did it ). And if the family ccc is deleted from the interface, which might cause kernel crash and the device reboot automatically, so all the traffic will be interrupted.
1493053 Backup RE might crash unexpectedly due to a rare timing issue
Product-Group=junos
The backup Routing Engine might crash unexpectedly due to a rare timing issue during a route churn in the network.
1493431 BGP session might keep flapping between two directly connected BGP peers because of the wrong TCP-MSS in use
Product-Group=junos
In case the two directly connected BGP peers are established over a one-hop LSP, if the IP layer's MTU is smaller than the MPLS layer's MTU, plus the BGP packets from the host have the DF bit set, the BGP session might keep flapping because of the wrong TCP-MSS in use.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1484689 Show system buffer command display's all zero in the MX104 chassis and it looks like cosmetic issue as there is no service impact reported
Product-Group=junos
Corrected the odl tags and buffer data handling while xmlizing the output.
PR Number Synopsis Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software
1484255 FPC might crash when dealing with invalid next-hops
Product-Group=junos
On PTX3000/PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next-hop composed of several unicast next-hops), the FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period.
PR Number Synopsis Category: PTX5KBroadway based PFE IPv4, IPv6 software
1479789 Multicast routes add/delete events might cause adjacency and LSPs to go down
Product-Group=junos
In PTX5000 platform with (FPC2-PTX-P1A | FPC-PTX-P1A), or PTX3000 with FPC-SFF-PTX-P1-A, with PIM scenario, The adjacency relationships of routing protocols and LSPs might go down if add/delete some multicast routes (which can be achieved by flapping interface or protocol) ). It is because that though the routes are deleted, its counter for statistic will not be removed from Junos resulting in memory block for counter exhaustion. And due to the exhaustion, any protocols that are sharing the same memory scope might fail to allocate its own counter, which eventually causes protocol adjacency and LSPs to go down. [TSB17747]
PR Number Synopsis Category: PTP related issues.
1421811 PTP might not work on MX104 if phy-timestamping is enabled
Product-Group=junos
On MX104 platform with any 2-port license installed on 10G interfaces and phy-timestamping enabled in PTP, PTP might not work.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1455201 In a 16+ member QFX5100 VCF, the "FROM" column under the "show system users" shows wrong information
Product-Group=junos
In a 16+ member QFX5100 VCF, the "FROM" column under the "show system users" output reports "feb0/1/2/3" instead of showing "fpc16/17/18/19" respectively.
1456742 The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted
Product-Group=junos
On the QFX5210/QFX5110/QFX5100 platform, the laser is still emitting from 10G SFP+ port even though the interface is disabled or the device is rebooted. It will cause the peer's interface is still up and might impact traffic.
1458514 QFX5210 : LED does not light on port 64 and 65 after upgraded to 19.2R1.
Product-Group=junosvae
On QFX5210, physical LED does not light on port 64 and 65 though traffic is passing through.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1465302 The physical interface of AE (Aggregated Ethernet) might take time to come up after disable/enable
Product-Group=junos
On Junos platforms, the physical interface of AE might come up after a long delay (4 mins) if there are millions of bgp routes learnt on the device. This delay is happening because PFE Manager thread is busy processing the routing updates from RE. These routing updates are the result of AE interface going down at the first step of disabling the interface.
PR Number Synopsis Category: QFX Control Plane Kernel related
1421250 A vmcore is seen on QFX VC
Product-Group=junos
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
1421250 A vmcore is seen on QFX VC
Product-Group=junosvae
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1449977 FPC does not restart immediately after rebooting the system. That might cause packet loss
Product-Group=junosvae
On QFX10008 and QFX100016 switches, the traffic drop occurs after rebooting the system due to the time delay in rebooting the FPC.
1471216 The speed 10m might not be configured on the GE interface
Product-Group=junos
On QFX5100 and EX4300 mixed-mode Virtual Chassis, the speed 10m might not be configured on the GE interface.
1498175 QFX5210: Unexpected behaviour see for Port LEDs lights post Upgrade
Product-Group=junosvae
After upgrading QFX5210 to the affected releases, Port LED lights misbehaviour could be seen as follow. i. 40G port LED show amber instead of green ii. 2x50g port LED not lit. iii. 2x25g port LED shows white instead of green. There is no impact to packet forwarding on the port. The issue is cosmetic and only LED colour is affected. It can be resolved after doing a Junos upgrade to one of the fix releases. With the fix, Port LEDs glow green as expected
PR Number Synopsis Category: QFX platform optics related issues
1382803 FEC error counts not updating for QFX5110
Product-Group=junos
On QFX5110, interface FEC counter does not work though FEC function has been supported. Added stats counter support through this PR.
1457266 QFX5110 QSFP-100GBASE-SR4 made by Avago cannot linkup
Product-Group=junos
On QFX5110, interface on QSFP-100GBASE-SR4 whose Xcvr vendor is Avago on the QFX side cannot linkup, FEC errors might be seen on the other side. Note : Do not use 19.3R2-S2, 18.2R3-S3 and 18.2R3-S4 for this fix. The fix causes that FPC will go down when 100G link comes up and this leads FPC up and down every 90 seconds. The fix will work on 19.3R2-S3 and 18.2R3-S5 properly.
PR Number Synopsis Category: Filters
1480776 ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario
Product-Group=junos
In EVPN-VXLAN environment, when local CE sends ARP request packets for unknown host, the packets will hit firewall-host queue in remote PE. It might trigger DDoS protection policer violations for firewall-host queue hence the ARP request packets might get dropped.
PR Number Synopsis Category: QFX L2 PFE
1385954 "CMQFX: Error requesting SET BOOLEAN, illegal setting 66" is generated at booting up
Product-Group=junos
The following log may be generated at booting up. >> Feb 10 02:15:26 jtac-qfx5100-48s-6q-r2373 : %PFE-3: fpc0 CMQFX: Error requesting SET BOOLEAN, illegal setting 66. This is a cosmetic log and you can ignore the log safely.
1473685 The RIPv2 packets forwarded across a L2circuit connection might be dropped
Product-Group=junos
When RIPv2 routes are received on a QFX5100/EX4600 platforms, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets.
PR Number Synopsis Category: QFX MPLS PFE
1474935 L2circuit might fail to communicate via VLAN 2 on QFX5K platforms
Product-Group=junos
On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE.
PR Number Synopsis Category: QFX VC Infrastructure
1414492 VC Ports using DAC may not establish link on QFX5200
Product-Group=junos
On QFX5200, when virtual-chassis is configured, if the QSFP configured as VCP is removed and then inserted, VC Ports using direct attach copper (DAC) may not establish link.
1478905 The default VC MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes
Product-Group=junos
In QFX5200-32C, QFX5110 VC (Virtual Chassis) scenario, the default VC MAC (Media Access Control) persistence timer is incorrectly set to 20 seconds instead of 20 minutes. If the primary VC member is rebooted, the new primary member starts using its own MAC address as the system's MAC base address after only 20 seconds instead of 20 minutes. This results in issues like OSPF (Open Shortest Path First) stuck in "init" state after the primary VC member reboot.
PR Number Synopsis Category: Routing Information Protocol
1485009 The rpd crashes if the same neighbor is set in different RIP groups
Product-Group=junos
If the same neighbor is configured under different RIP groups, the commit check fails to capture this invalid configuration and commit can be done successfully. However the rpd will crash.
PR Number Synopsis Category: rosen-6 and rosen-7 mvpn bugs
1405887 The CLI command "show pim mdt data-mdt-limit instance " with family option might cause CPU usage of rpd high
Product-Group=junos
In draft-rosen MVPN scenario with data-mdt, if performing the CLI command "show pim mdt data-mdt-limit instance ", The output might go in loop and the rpd process might use high CPU.
PR Number Synopsis Category: RPD Interfaces related issues
1478523 The FPC with 'vpn-localization vpn-core-facing-only' configured might be stuck in ready state
Product-Group=junos
On all Junos platform with MVPN scenario, when 'vpn-localization vpn-core-facing-only' is configured, the FPC should be restart when MVPN configuration is changed. But if there is a large-scale configuration that includes "vpn-localization vpn-core-facing-only" and vt-ifl under mvpn instance, when performing configuration removal/restoration(load baseline, commit, rollback 1, commit again), the FPC might be stuck in ready state due to cleanup failure of vt-ifl under MVPN instance.
PR Number Synopsis Category: RPD policy options
1450123 The rib-group might not process the exported route correctly
Product-Group=junos
The rib-group with a policy that matches route next-hop can fail to add the route to the secondary routing table when matched route next-hop is changed to another one and then referred back again after some time. This issue has traffic impact as the exported route will lose in the secondary routing table.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1421076 RPD crash might occur when changing prefix list address from IPv4 to IPv6
Product-Group=junos
RPD crash might occur when changing a prefix-list address from IPv4 to IPv6 with "replace-pattern"
PR Number Synopsis Category: Resource Reservation Protocol
1359087 The FPC might be stuck in 'Ready' state after applying a configuration change that will remove RSVP and trigger FPC restart
Product-Group=junos
When 'tunnel-services' is configured under 'chassis fpc <> pic <>', the vt-x/y/z physical interface (IFD) is created for the corresponding FPC. If 'protocols rsvp' is configured, RSVP will create a default vt-x/y/z.u logical interface (IFL) under the corresponding vt-x/y/z IFD. After applying a configuration change that will remove RSVP and trigger FPC restart, the vt-x/y/z.u IFL is not cleaned up due to a code issue. Hence the corresponding vt-x/y/z IFD cannot be cleaned up during the corresponding FPC coming up. The IFD cleaning keeps retrying which cause the corresponding FPC to be stuck in 'Ready' state.
1490163 High CPU utilization for rpd might be seen if RSVP is implemented
Product-Group=junos
On all Junos platforms, when Multiprotocol Label Switching (MPLS) is configured with Resource Reservation Protocol (RSVP) as signaling layer, CPU utilization for rpd might be high (more than 20%) if the MPLS ingress route has more than 32 equal-cost multipath (ECMP) next-hops. As a result, performance of the device might be affected.
PR Number Synopsis Category: jflow/monitoring services
1439630 Sampling might return incorrect ASN for BGP traffic
Product-Group=junos
In a BGP scenario with sampling enabled, incorrect ASN (autonomous system number) might be returned for the traffic originated from an internal prefix. This is because some AS paths and routes don't hold the latest information in the message buffers that srrd (sampling route-record daemon) uses to send to the clients.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1392616 The snmpd process might crash and cause a core dump
Product-Group=junos
The snmpd process leaks memory in snmpv3 query path and crashes. The issue is caused by a memory leak when the request PDU is dropped by SNMP when the snmp filter-duplicates configuration is enabled. Each request PDU has a structure pointer for the SNMPv3 security details. This is allocated when the PDU is created or cloned. But while dropping the duplicate requests, the corresponding structure is not freed, which causes the memory leak.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1464020 The mspmand might crash when stateful firewall and RPC ALG used on MX platforms with MS-MIC/MS-MPC
Product-Group=junos
On MX platforms with MS-MIC/MS-MPC, when stateful firewall is configured with "application junos-dce-rpc-portmap" and RPC ALG is enabled (both Sun RPC and MS-RPC), the mspmand might crash continuously (about every 15 or 20 minutes).
PR Number Synopsis Category: MS-MPC Logging on MX
1478972 TCP-log sessions might be in Established state but no logs get sent out to the syslog server
Product-Group=junos
When TCP-based syslog is configured under the service-set, the Services PICs will establish the TCP sessions with syslog server. When the networks between the syslog server and the MX/SRX are not stable, TCP retransmit may not work properly and cause the TCP sessions to hang. When issuing "show services tcp-log connections", the TCP sessions are still shown in "Established" state, however, no syslog messages are sent to the syslog server.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1473456 Supports LLDP on reth interfaces.
Product-Group=junos
On all SRX chassis cluster with LLDP supported, the "set protocols lldp interface reth*" is supported since this release, please configure LLDP on reth interface not on reth's child interfaces.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1463015 The EA WAN SerDes gets into a stuck state, leading to continuous DFE tuning timeout errors and link staying down.
Product-Group=junos
The interfaces on certain MX platforms might get stuck in a down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal.
PR Number Synopsis Category: MX10002 Platform SW - Platform s/w defects
1426120 MPC reboot or RE mastership switchover might occur on MX204/MX10003
Product-Group=junos
On MX204/MX10003, if there's high rate of fragmented traffic received on em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover.
1426120 MPC reboot or RE mastership switchover might occur on MX204/MX10003
Product-Group=junosvae
On MX204/MX10003, if there's high rate of fragmented traffic received on em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1402345 The MPC might crash due to CPU overuse by dfw thread.
Product-Group=junos
When a large amount of packets hit the firewall filter term action 'syslog' and a thread hogs CPU for more than 4 minutes, the MPC might crash.
1476786 Traffic loss may be observed to the LNS subscribers in case the "routing-service" knob is enabled under the dynamic-profile
Product-Group=junos
On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers.
PR Number Synopsis Category: Trio pfe stateless firewall software
1427936 The policer bandwidth might be incorrect for the aggregate interface after activating the command 'shared-bandwidth-policer'.
Product-Group=junos
On MX Series with MPC, if an AE interface is with the filter of 'shared-bandwidth-policer' and the knob 'shared-bandwidth-policer' is deactivated, after activating the knob 'shared-bandwidth-policer', the policer bandwidth might be calculated as 0 and all traffic might be dropped for the AE interface.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1468663 JNH memory leaks might be seen after CFM session flap for LSI/VT interfaces
Product-Group=junos
JNH memory leak may be seen when CFM session over the VPLS LSI interface/VT interface flaps if mip-half-function is used.
1491091 MAC malformation might happen in a rare scenario under MX-VC setup
Product-Group=junos
On MX-VC setup, if traffic is going through a VCP (virtual chassis port) port and forwarding to an egress port to the destination, while the traffic is handled entirely by the same PFE, MAC malformation might happen.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1436773 The /var/db/scripts directory might be deleted after executing "request system zeroize"
Product-Group=junos
On all platforms which support ZTP (Zero Touch Provisioning), the /var/db/scripts directory might get deleted after executing "request system zeroize", and it won't be recreated automatically.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1480348 TFTP installation from loader prompt may not succeed on the EX series devices
Product-Group=junos
On the EX series platforms with 17.1R1 onwards, software installation from loader prompt may not succeed by using TFTP.
PR Number Synopsis Category: V44 Satellite Device Infra
1460607 The dpd crash might be observed on satellite devices in junos fusion enterprise
Product-Group=junosvae
In junos fusion dpd might crash on satellite devices running SNOS.
PR Number Synopsis Category: PTX/QFX100002/8/16 platform software
1464119 FPC might restart during run time on PTX10K/QFX10K platforms
Product-Group=junosvae
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1450652 Dual VRRP mastership might be seen after RE switchover ungracefully
Product-Group=junos
When VRRP works in distributed mode (ie. delegate-processing is enabled under VRRP) with more than 250 VRRP sessions, dual VRRP mastership might be observed after RE switchover ungracefully (e.g. primary RE failure).
1454895 The VRRP traffic loss is longer than one second for some backup groups after performing GRES
Product-Group=junos
On all Junos OS platforms, configuring VRRP over the AE interface whose member physical interfaces belong to different PFE (packet forwarding engine), some backup VRRP groups traffic loss are observed longer than one second after performing GRES (graceful Routing Engine switchover). As the expectation is that the outage is subsecond.
 

18.1R3-S10 - List of Known issues

PR Number Synopsis Category: Broadway ASIC component issues on Sangria
1089330 The policer counter on filter are not correct for PTX FPC3
Product-Group=junos
On PTX with FPC3, if the filter action of policer and count are configured in one same filter term, then it might cause the policer counter to be higher than the actual count.
PR Number Synopsis Category: EX2300 Hardware
1369924 EX2300 - Watchdog reset is shown as Swizzle
Product-Group=junos
On EX2300, when watchdog is induced, the last reboot reason is shown as Swizzle Reboot.
1463583 EX2300-48MP-VC Rebooting randomly
Product-Group=junos
EX2300-48MP-VC Rebooting randomly. There is no any core getting generated, its rebooting silently and randomly. There are no any syslogs, console logs getting generated before reboot. Reboot reason is showing as normal reboot.
PR Number Synopsis Category: ESWD
1192520 GARPs being sent from the switch once in 10 minutes
Product-Group=junos
GARPs were being sent whenever there is a mac (fdb) operation (add or delete). This is now updated to send GARP when interface is UP & l3 interface attached to the vlan.
PR Number Synopsis Category: EX4300 PFE
1436642 The FPC/pfex crash may be observed due to DMA buffer leaking
Product-Group=junos
On EX2300/EX3400/EX4300/EX4600 platforms, DMA buffer leaking may be hit once the next-hop of received traffics is not resolved and eventually to cause an FPC/pfex crash if the DMA buffer runs exhaustion.
PR Number Synopsis Category: EX9200 Platform
1448368 EX9214 : Error "errorlib_set_error_log(): err_id(-1718026239)" are observed after reboot and macsec enabled link flap
Product-Group=junos
On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error "errorlib_set_error_log(): err_id(-1718026239)" is observed.
PR Number Synopsis Category: EX2300/3400 platform
1453687 Auto-negotiation failure and MAC pause frames in Ex3400 running 18.1R3-S5
Product-Group=junos
To prevent the Frame corruption during the system boot up time MACsec is disabled for all 1g ports and it will be enabled later.
PR Number Synopsis Category: NFX Series Platform Software
1232501 Vjunos logs shows that abnormal shutdown, after rebooting the device.
Product-Group=junosvae
Show chassis routing-engine will display the last reboot reason as power cycle/failure even for normal vjunos reboot. Also, in logs abnormal shutdown message will be observed.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1454764 ARP reply unicast packets might be flooded to all interfaces in the vlan
Product-Group=junos
The flooding of ARP reply unicast packets might be seen as a result of an ARP request sent to the device's MAC address. It has the correct unicast DMAC (destination MAC address) and it is not broadcasted. It is independent of MCLAG and VRRP scenario.
PR Number Synopsis Category: QFX Access control list
1441585 DFW error "cannot program filter" on Leaf QFX5200/QFX5110 device while applying a firewall filter for classifying traffic.
Product-Group=junos
The issue is due to the race condition of handling IPACL_VXLAN filters. The issue is fixed in junos:18.1R3-S6 junos:18.1R4 junos:18.2R3 junos:18.3R3 junos:18.4R2 junos:18.4R3 junos:19.1R2 junos:19.2R1 junos:19.2R2 junos:19.3R1
1458027 Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets (CVE-2020-1604)
Product-Group=junos
On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. Refer to https://kb.juniper.net/JSA10983 for more information.
PR Number Synopsis Category: QFX PFE L2
1469837 The ARP packets are not counted against storm control on EVPN configured interface.
Product-Group=junos
With QFX5110/5200 plaforms, if storm control enabled on the interfaces along vxlan config, storm control will not get effected with ARP REQ pkts coming more than storm control threshold
1469837 The ARP packets are not counted against storm control on EVPN configured interface.
Product-Group=junosvae
With QFX5110/5200 plaforms, if storm control enabled on the interfaces along vxlan config, storm control will not get effected with ARP REQ pkts coming more than storm control threshold
1479826 QFX5k: Message "fpc0 Pools exhausted for Table:EGR_DVP_ATTRIBUTE_1" reported in logs
Product-Group=junosvae
On QFX5k platforms, we have limited pool resources used for stat collection on hardware. So we may see pools exhausted for "Table:EGR_DVP_ATTRIBUTE" error when stats requests exceeded the supported scale. There is no functional impact except for stats collection for some HW counters for which flex counter allocation failed for the time, the limit is exceeded. Stats counters will start functioning normal without manual change when the pool comes back to normal limit.
1499422 The FPC will go down when 100G link comes up on the network port of the QFX5110-48S device
Product-Group=junos
On the QFX5110-48S device running on Junos 19.3R2-S2, 18.2R3-S3 or 18.2R3-S4, the FPC will go down when the 100G link comes up on the network port. This leads to FPC up and down every 90 seconds. During the problem state running CLI "show chassis fpc detail" will not yield any output for upto 90sec. user@device> show chassis fpc detail. <-------- Empty Once FPC state transition back to online state, the 100G transceivers gets detected and fpc flap is seen again. This behavior is seen continuously as long as 100G transceivers remain connected to the QFX device in question. If 100G interfaces gets disabled from CLI or physically removed from the QFX switch, the FPC flap will no longer be seen. Note: This issue is not applicable when 100G-QSFP is used as a VCP port on QFX5110-48S.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1408428 The FPC/dcpfe process may crash due to interface flap
Product-Group=junos
On QFX5200/QFX5110 platform or Junos on White Box (AS7816), interface flap may cause FPC watchdog timeout which then further triggers the FPC/dcpfe crash, as a result, traffic impact may be observed at that time.
1429504 Layer 3 IP route might not be installed in LPM forwarding table on QFX5000 platforms
Product-Group=junos
On QFX5000 platforms, when the host forwarding table is full and the host entries are installed in LPM forwarding table, or when lpm-profile with unicast-in-lpm option is used, the Layer 3 IP route might not be installed in LPM forwarding table if there are SER errors, hence there might be traffic impact. This PR 1429504 has a fix on below JUNOS versions : 19.3R1 19.2R2 19.1R2 18.4R3 18.3R3 18.2X75-D50 18.2X75-D60 17.2X75-D44 18.4R2-S3 17.3R3-S7
1443507 IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present
Product-Group=junos
On all Junos platforms which are enabled with MultiChassis Link Aggregation Group (MC-LAG), if there are multiple Integrated Routing and Bridging (IRB) interfaces present, and the Inter Chassis Link (ICL) is also connected over an IRB interface, when both MC-LAG peers have not learnt link-local addresses and IPv6 ping is firstly initiated from the remote peer, the Neighbor Solicitation (NS) packet might take ICL path and couldn't get answered properly.
1459329 OSPF stuck at Exchange state for lag interfaces in a QFX5100-EX4300 mixed VC setup whose child members belong to EX4300 after Rebooting VC.
Product-Group=junos
OSPF stuck at Exchange state for lag interfaces in a QFX5100-EX4300 mixed VC setup whose child members belong to EX4300 after Rebooting VC.
PR Number Synopsis Category: QFX Analyzer, sflow
1334711 Ethernet frames with Ethernet type of 0x8922 might be modified at egress by QFX10K platforms
Product-Group=junos
On QFX10002, QFX10008 and QFX10016 Series platforms, all the Ethernet frames with Ethernet type of 0x8922 might be modified at the egress because it is an unknown Ethernet type.
PR Number Synopsis Category: ACX MPLS
1449681 l2circuit with a "backup-neighbor" (hot-standby) configured may stop forwarding traffic after failovers
Product-Group=junos
On ACX platforms, if the "backup-neighbor" is configured with the "hot-standby" parameter, then l2circuit may stop passing traffic if the primary path is down and back up again (l2circuit switchovers from the primary path to the backup path, then moves back from the backup path to the primary path)
PR Number Synopsis Category: ACX PFE
1407098 on ACX5048/5096 pltform high CPU for fxpc processes might be observed on class-of-service configuration changes on interfaces
Product-Group=junos
Fxpc process CPU utilization spikes on configuration changes related to cos on interfaces.
PR Number Synopsis Category: MPC Fusion SW
1508794 MPC2E/3E NG: WAN-PHY interface continuously flaps with default hold-time down of 0
Product-Group=junos
On MX-series routers with MPC2E or MPC3E NG line cards, 10GE interface configured with WAN-PHY framing may flap continuously if the hold-down timer is set to 0 (which is the default).
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1424635 RE kernel crashes may be seen in EVPN scenario when proxy arp is enabled
Product-Group=junos
In EVPN scenario when proxy arp is enabled and the lowest 3 bytes of irb logical interface's address are zero, RE kernel crashes may be seen if IPv6 address is configured on irb logical interface and then got removed.
PR Number Synopsis Category: BBE database related issues
1396470 The subscriber bindings might not be successful on QFX/EX platforms
Product-Group=junos
On QFX/EX Series platforms, the DHCP/PPP subscribers might fail to bind. The reason is that when installing new software images, it shared memory (created by previously running image) might not to be cleared out. The issue will persist until the previous values in shared memory are removed and the daemons affected by the data in shared memory may continue core/crash and thus they will not be able to function properly.
PR Number Synopsis Category: BBE interface related issues
1440872 The layer2 dynamic VLAN might be missed when an interface is added or removed for an AE interface
Product-Group=junos
On MX-Series platform with dynamic VLAN configuration for subscriber management, if a physical interface is added or removed for an Aggregated Ethernet (AE) interface and if dynamic VLAN is enabled on AE interface, some of the dynamic layer2 interfaces might be deleted from the Packet Forwarding Engine (PFE), but not from bbe-smgd. This will cause the subscriber under the AE interface to be deleted.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1354409 AE interface and BFD session remain down after interface disable/enable
Product-Group=junos
With Bidirectional Forwarding Detection (BFD) configured on an aggregated Ethernet interface, if you disable/enable the aggregated Ethernet interface, then that interface and the BFD session might not come up.
PR Number Synopsis Category: Border Gateway Protocol
1390113 The BGP peers in the new primary RE might flap due to hold-timer expiry after RE switchover
Product-Group=junos
On all Junos OS platforms enabled with GRES and NSR, if Routing Engine switchover is executed, the BGP peers in the new primary Routing Engine might flap because of the hold-timer expiry after GRES.
1396344 Processing a large scale as-path regex will cause the flap of the route protocols
Product-Group=junos
When 'as-path-group' is configured under BGP, if a configuration with a large scale as-path regex is committed, the route protocols flap might be seen.
1432100 The "dead" next-hop might stay in the forwarding table in a BGP-LU scenario after the primary interface recovers
Product-Group=junos
In BGP Labeled Unicast (BGP-LU) scenario, if the device works as penultimate hop and receives BGP-LU routes with indirect next-hop from an egress router, after the operational next-hop interface corresponding to those labeled routes flaps, a "dead" next-hop type (discard action is performed for this type) may be set for the related clone routes (s=0) and still there even the next-hop interface is operational again.
1435466 Clearing BGP neighbor might increase the convergence time
Product-Group=junos
In a scaled BGP scenario when a BGP peer has been reset, it might increase the converge time. Due to this the stale route entries might take longer than expected to be removed from the routing table.
1481589 The rpd process might crash with BGP multipath and route withdraw occasionally
Product-Group=junos
In BGP multipath scenario on all Junos platforms, if original active/best BGP multipath routes got flapped occasionally, some routes, which are changed from best routes to alternative now, are removed from the BGP multipath route list, but its multipath flag are not cleared, due to some temporarily incorrect route reorder in BGP. And when the currently active route got withdrawn for some reason, and the original best routes again become the best routes then rpd might hit an assert and crash.
PR Number Synopsis Category: BBE Remote Access Server
1402012 The authd crash might be seen due to a memory corruption issue
Product-Group=junos
In subscriber scenario, the authd might crash multi-times due to a memory corruption issue.
1402653 The subscribers might need to take login retry in the scenario with high usage of the address pool
Product-Group=junos
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
1449064 Subscribers login fails when PCRF server is unreachable
Product-Group=junos
In Gx-Plus for Provisioning Subscribers scenario, when the PCRF (Policy and Charging Rules Function) server is unreachable or the diameter protocol is down, the subscriber login might fail to successfully establish a session or the subscribers might fail to bind a service policy by Gx-Plus after the PCRF Server connectivity is restored.
PR Number Synopsis Category: Cassis pfe microcode software
1303489 MPC Major alarm, with logs: XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8)
Product-Group=junos
In some scenarios with MPC, Major alarm and following messages are generated. this Major error is triggered due to parity error, and the impacted queue might drop packets,This might impact the forwarding, to recover MPC card need to be rebooted messages log: fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) alarmd[3158]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC x Major Errors Major alarm set, FPC x Major Errors fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) cli> show chassis alarms 1 alarms currently active Alarm time Class Description 2019-01-25 15:18:03 UTC Major FPC x Major Errors
PR Number Synopsis Category: MX Platform SW - UI management
1457657 The chassisd process and all FPCs may restart after RE switchover
Product-Group=junos
The chassisd process and all FPCs may restart after RE switchover if the knob "primary-only" is enabled.
PR Number Synopsis Category: Tracking sw issues related to Channelized 4xOC3/1xOC-12 Mic
1396538 MPC card/AFEB/TFEB with Channalized OC MIC might crash with core dump
Product-Group=junos
On MX Series platforms, if channelized OC MIC (such as 1xCOC12/4xCOC3 CH-CE) is used, the MPC card/AFEB/TFEB (Forwarding Engine Board) might crash with core files generated. This is not easily reproducible. The traffic through the MIC would be impacted.
PR Number Synopsis Category: Firewall Filter
1466698 An output bandwidth-percent policer with logical-bandwidth-policer applied to an AE bundle along with an output-traffic-control-profile has incorrect effective policing rate
Product-Group=junos
On MX platforms, for an AE bundle of at least two members hosted at two different FPCs, if the AE interface is with CoS output-traffic-control-profile of shaping-rate and with the output filter of policer with logical-bandwidth-policer and bandwidth-percent, the AE interface might have incorrect effective output policing rate.
1473093 Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5
Product-Group=junos
On the MX platform with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue.
PR Number Synopsis Category: Express PFE FW Features
1426539 The host-bound traffic might be dropped after performing change configuration related to prefix-list
Product-Group=junos
On PTX1K/10K, PTX3K/5K with FPC3 or QFX10K series, if the prefix entries configured in prefix-list exceeds the limit what the Packet Forwarding Engine (PFE) chipset supports, some unexpected behavior might be observed (e.g. the host-bound traffic drops) after performing change operation related to the prefix-list configuration (e.g. add a prefix to prefix-list which is associated with filter).
1433648 Traffic drop might occur on PTX/QFX during filter change operation
Product-Group=junos
On PTX/QFX platforms, a firewall configuration change operation may not be done correctly within the PFE causing transit packets drops.
1449187 PTX3k: sometimes duplicate packets seen during policer testing with family MPLS
Product-Group=junos
PTX3k: sometimes duplicate packets seen during policer testing with family MPLS. Policer itself works with term specific (default) feature using bps bandwidth
PR Number Synopsis Category: Express PFE dhcp
1408161 The DHCP discover packets are dropped over VXLAN tunnel if DHCP relay is enabled for other VXLAN/VLANs
Product-Group=junos
On QFX10002/QFX10008/QFX10016 Series platforms, the DHCP discover packets are dropped over VXLAN tunnel in a pure Layer2 VXLAN/VLAN when the DHCP relay is enabled for other VXLAN/VLANs, it might result in the failure of DHCP IP address assignment.
PR Number Synopsis Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1431498 IPFIX Flow timestamp is not matching with NTP synchronized system time
Product-Group=junos
The timestamp reported for packet arrival in NetFlow records will report inaccurate time due to the synchronization issue with NTP.
PR Number Synopsis Category: Express PFE L2 fwding Features
1399369 CPU hog may be observed on PTX/QFX10000 Series platform
Product-Group=junos
On PTX/QFX10000 series platform, CPU hog on PFC may be observed if the adaptive feature is enabled to load-balance for an AE interface.
1442587 The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb
Product-Group=junos
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact.
PR Number Synopsis Category: Express PFE L3 Features
1422789 BFD might stuck in slow mode on QFX10002/QFX10008/QFX100016 platform
Product-Group=junos
On QFX10002/QFX10008/QFX100016 platform, if BFD session is configured on fast mode, when the BFD session is across a dual-tagged interfaces (for example QinQ), BFD might switch to slow mode. BFD triggered FRR will have more loss and it takes more time to detect BFD down.
PR Number Synopsis Category: SRX1500 platform software
1488203 < SRX1500> CPU Board Inlet increases after OS upgrade from 15.1X49 release to OS 18.x
Product-Group=junosvae
On SRX1500, the temperature value of CPU Board Inlet increases after OS upgrade from 15.1X49 release to OS 18.x Although this is just the display issue it may cause false temperature alerts from CPU Board Inlet.
PR Number Synopsis Category: PTX Express ASIC interface
1412126 PTX interface stays down after maintenance
Product-Group=junos
On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1440033 Traffic loss is observed on newly added interfaces in AE on "MX and EX platforms"
Product-Group=junos
On MX and EX series devices that support the "enhanced-ip" feature and when the new interface is added to aggregated ethernet (ae), output traffic is observed as 0 on the existing member links. This is being observed due to software issues as wrong weights are being set for existing child interfaces in the AE bundle.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1436924 IRB over VTEP unicast traffic might get dropped on EX9200/MX platforms
Product-Group=junos
On EX9200/MX platforms running as Provider Edge (PE) nodes in Ethernet Virtual Private Network (EVPN) and Virtual extension LAN (VxLAN) scenario, if the enhanced-ip mode is enabled for chassis configuration, and the EVPN routing instance is configured with Integrated Routing and Bridging (IRB) interface, the unicast traffic which is sent through IRB over Virtual Tunnel End Point (VTEP) might get dropped since it couldn't get routed towards core network due to this issue. [TSB17770]
PR Number Synopsis Category: ISIS routing protocol
1419800 A memory leak in rpd might be seen if source packet routing is enabled for IS-IS protocol
Product-Group=junos
If source packet routing or segment routing is enabled for IS-IS protocol, a memory leak might happen in the routing protocol process (rpd). The rpd will crash and restart once the rpd runs out of memory.
1432398 The "show isis adjacency extensive" output is missing state transition details
Product-Group=junos
CLI command 'show isis adjacency extensive' output in text format is missing some details from the adjacency transition log. The output in XML format is still correct.
PR Number Synopsis Category: track re issu control procedure bugs
1256113 Traffic disruption seen when secondary node FPCs come online
Product-Group=junos
On SRX Chassis cluster, Traffic disruption seen on primary node when secondary node FPCs come online
PR Number Synopsis Category: jdhcpd daemon
1430916 After upgrade, DHCP relay binding got stuck in RELAY_STATE_WAIT_SDB_INIT_MIRROR_REQ_DELETE
Product-Group=junos
After upgrade Junos, DHCP-relay binding may drop a DHCP packet and stop binding an IP address. This issue has been fixed by PR1396470. Refer to the link below to see which version the issue is fixed in. https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1396470
1432162 The jdhcpd memory leak might happen on MX5, MX10, MX40, MX80, and MX104 when testing DHCP subscribers log-in/out.
Product-Group=junos
On MX5/MX10/MX40/MX80/MX104 Series platforms with DHCP server configuration for DHCP subscribers, the jdhcpd memory leak might happen and the memory increase by 15MB which depends on the number of subscribers when testing the DHCP subscribers log-in/out.
PR Number Synopsis Category: jpppd daemon
1488302 MPLS VPN label can poin on discard next-hop after RE switchover without NSR if egress interface is pp0
Product-Group=junos
After RE switchover without non-stop routing (NSR) on the brodband network gateway (BNG) some VRF routing instances may experience blackholing for traffic destined to the hosts behind static PPPoE subscrier's CPE device. The affected routing instances are configured without 'vrf-table-label' knob and should have static route configured with pp0.xxx interface as a next-hop like: user@router> show configuration routing-instances TEST instance-type vrf; interface pp0.1000; route-distinguisher 65000:1000; vrf-target target:65000:1000; routing-options { static { route 10.0.0.0/24 next-hop pp0.1000; <<<< } }
PR Number Synopsis Category: Flow Module
1445480 Junos OS: SRX5000 Series: flowd process crash due to receipt of specific TCP packet (CVE-2019-0064)
Product-Group=junos
On SRX5000 Series devices, if 'set security zones security-zone tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session.
1465944 Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)
Product-Group=junos
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Refer to https://kb.juniper.net/JSA11014 for more information.
1489276 With 'set security flow no-local-favor-ecmp' on a Dual CPE, on failover and recovery of underlay path, gre-tunnel reports down and does not recover.
Product-Group=junos
On SRX or vSRX clusters, when 'set security flow no-local-favor-ecmp' is configured, some GRE or IPSec tunnels may not come up.
PR Number Synopsis Category: flow ha module
1409277 Junos OS: SRX Series: flowd process crash due to processing of specific transit IP packets (CVE-2019-0060)
Product-Group=junos
The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition.
PR Number Synopsis Category: Firewall Policy
1414863 When utilizing Unified Policies, vSRX 3.0's srxpfe process may crash
Product-Group=junos
On vSRX 3.0 instances, when utilizing unified policies, Packet Forwarding Engine process (pfed) might crash and create a core file.
PR Number Synopsis Category: PFE infra to support jvision
1456275 Queue data might be missing from path '/interfaces/interface/state'
Product-Group=junos
On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1441824 FPC crash at heap_block_log due to NULL entries are also seen in the ifbd level list which are typically added for flush list. So this seems to be the side effect of the relink logic failure flush logic for MACs when there is ifbd/bd delete
Product-Group=junos
On routers running Junos OS and serving as EVPN gateways, FPC core files at heap_block_log due to NULL entries are also seen in the ifbd level list which are typically added for flush list. So this seems to be the side effect of the relink logic failure flush logic for MACs when there is ifbd/bd delete.
1498863 JDI-RCT: QFX 10002,10008 :: EVPN-DHCP : Inter & Intra VNI/VRF traffics are dropped between CEs when the interfaces connected between TOR and Multi-homes PEs are disabled
Product-Group=junos
QFX 10002,10008 :: EVPN-DHCP : Inter & Intra VNI/VRF traffics are dropped between CEs when the interfaces connected between TOR and Multi-homes PEs are disabled
PR Number Synopsis Category: Platform issues specific to MS-MIC (XLP)
1384830 Major Errors - XM Chip Error code: 0x701ca" seen after OIR of MIC's
Product-Group=junos
MPC2E NG/MPC3E NG card will go in error with error id XM Chip Error code: 0x701ca
PR Number Synopsis Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1255542 MX-VC: suboptimal Aggregate Ethernet Load Balancing when an Aggregate Ethernet bundle is part of an ECMP path.
Product-Group=junos
Load balancing is uneven across Aggregated Ethernet (AE) member links when the AE bundle is part of an equal-cost multipath (ECMP). The AE member links need to span Virtual Chassis members.
PR Number Synopsis Category: MPC-3D Platform
1433948 Interfaces on MPC-3D-16XGE-SFPP may go down due to CB0 clock failure
Product-Group=junos
On MX Series platforms, if the clock frequency is slowly changing on CB0 (slow drift), the clock source for MPC-3D-16XGE-SFPP may not be changed to CB1, which will cause interfaces on it to go down and remain in the downstate.
PR Number Synopsis Category: Multiprotocol Label Switching
1282369 The rpd on backup RE might crash when the rpd on primary RE restarts
Product-Group=junos
With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the primary Routing Engine, the rpd on the backup Routing Engine might restart.
1460283 Pervious configured credibility preference it is not considered by CSPF despite the configuration is deleted or changed to prefer another protocol in TED
Product-Group=junos
After configuring the credibility, the new credibility preference value will be stored internally and its not cleared or consider by the CSPF module, incase if the perviously configuration of "traffic-engineering credibility-protocol-preference" was deleted or if you configure "traffic-engineering credibility-protocol-preference" under another protocol (for example ISIS)
PR Number Synopsis Category: Multicast for L3VPNs
1442054 Memory leak might happen if PIM messages received over an MDT (mt- interface) in Draft-Rosen MVPN scenario
Product-Group=junos
On all Junos platforms configured in the Draft-Rosen Multicast Virtual Private Network (MVPN) scenario, if Protocol Independent Multicast (PIM) messages are received over an Multicast Distribution Tree (MDT) tunnel logical interface (mt- interface), there might be memory leak which will lead to the rpd process crash.
PR Number Synopsis Category: Track Mt Rainier RE platform software issues
1386306 The log message of 'kernel: interrupt storm detected on "irq11:"; throttling interrupt source' might be seen when NG-RE is used
Product-Group=junos
With Next Generation Routing Engine (NG-RE), in some race conditions, the following interrupts messages might be seen on primary RE: kernel: interrupt storm detected on "irq11:"; throttling interrupt source
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1345720 The rpd might crash when doing Routing Engine switchover with NSR and logical-system configurations.
Product-Group=junos
When doing RE switchover with NSR (nonstop-routing) and logical-system configurations, rpd core might happen. This issue is platform independent. And it would cause traffic or service impact.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1410542 The chassisd process might crash due to a thread locking defect
Product-Group=junos
The chassisd crash with core dump file might be seen if some error happens in chassisd syslog functionality. Traffic is impacted as FPCs are restarted.
1442376 EX2300 platforms might stop forwarding traffic or responding to console
Product-Group=junos
On EX2300/EX2300-C platforms, if Junos OS is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. A reboot is required to restore the service.
1463802 The scheduled tasks might not be executed if "cron" daemon goes down without restart automatically
Product-Group=junos
The service utility "cron" runs in the background and regularly checks /etc/crontab for tasks to execute and searches /var/cron/tabs for custom crontab files. These files are used to schedule tasks which "cron" runs at the specified times. "cron" daemon is started during boot. If for some reason, the "cron" process exits, the scheduled tasks will not be executed. "cron" was not restarted automatically and had to be started manually.
PR Number Synopsis Category: TCP/UDP transport layer
1449929 The DF flag BGP packets are dropped over MPLS LSP path
Product-Group=junos
When the mtu-discovery is configured under BGP, the DF (Don't Fragment) flag BGP packets are dropped if they go through the smaller MTU MPLS LSP path. This issue will cause the BGP session flap and the failure of BGP routes update.
PR Number Synopsis Category: Issues related to PKI daemon
1465966 Loading CA certificate causes PKI daemon core file to be generated.
Product-Group=junos
If a CA certificate includes CRL URL that doesn't have "/" to separate URL from the "hostname:port" section, when SRX loads it, pkid crash might happen and any service relies on CA will be affected, because the URL in CRL that is used to verify the validation of certificate will not work, that may cause security risk.
PR Number Synopsis Category: PTP related issues.
1451950 FPC core may be seen after changing the configuration of PTP/SyncE
Product-Group=junos
On the ACX/MX/QFX platform with PTP (Precision Time Protocol)/SyncE (Synchronous Ethernet) enabled, if configuration changes for the PTP/SyncE are combined with multiple events, the FPC core might be seen.
1458581 The "FPC X major errors" alarm may be raised after committing the PTP configuration change
Product-Group=junos
On MX router with MPC5/MPC6/MPC7/MPC8/MPC9/MPC10 installed environment, after committing the PTP configuration change, the "FPC X major errors" alarm may be raised. This issue may cause interface flap and traffic loss.
1461031 The PTP function may hog kernel CPU for a long time
Product-Group=junos
If the PTP function is configured, the process ppmd may be starved due to the defect that PTP function hog kernel CPU for a long time (>100ms), which can cause the "keep-alive" of the corresponding functions timeout such as ppmd based functions - LFM, BFD.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1414703 DC output information is missing in the "show chassis environment pem" output for whitebox
Product-Group=junos
DC output information is missing in the "show chassis environment pem" output for whitebox.
1475851 [Tencent] ULC-30Q28 FPC major error after system boot up or fpc restart
Product-Group=junos
FPC is reporting Major Error because of SHUTDOWN ERI failure during BIST with repair on HMC having FW version >= 0x9c. BIST with repair is incorporated during boot up, so this Major Error will be reported during boot up having FW>=0x9c on HMC. During debugging, its found that this ERI is getting issued even before the HMC was brought up which is resulting into this Error. So added bringup steps for HMC before the BIST procedure starts as done for vale-ptx.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1394978 The DRAM and Buffer utilization fields are not correct for QFX platforms
Product-Group=junos
"show chassis fpc" command displays a wrong amount of available memory on a QFX's FPCs.
1394978 The DRAM and Buffer utilization fields are not correct for QFX platforms
Product-Group=junosvae
"show chassis fpc" command displays a wrong amount of available memory on a QFX's FPCs.
1409448 The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch
Product-Group=junos
When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes.
1465183 PEM is not present spontaneously on QFX5210
Product-Group=junos
On QFX5210 platforms, due to a firmware issue on the power supplies (PEMs) of the switch, the routing engine may spontaneously misread the status registers of a power supply. This produces erroneous messages of PEM not present. Although the power supply is present and can deliver power, the system may then deactivate the power supply believing it not to be present.
1498175 QFX5210: Unexpected behaviour see for Port LEDs lights post Upgrade
Product-Group=junos
After upgrading QFX5210 to the affected releases, Port LED lights misbehaviour could be seen as follow. i. 40G port LED show amber instead of green ii. 2x50g port LED not lit. iii. 2x25g port LED shows white instead of green. There is no impact to packet forwarding on the port. The issue is cosmetic and only LED colour is affected. It can be resolved after doing a Junos upgrade to one of the fix releases. With the fix, Port LEDs glow green as expected
PR Number Synopsis Category: QFX L2 PFE
1475005 On QFX platforms the system might stop new MAC learning and have impact on layer 2 traffic forwarding
Product-Group=junos
On QFX platforms, if there are a lot of MAC moves, the system might stop new MAC learning and lots of old MAC addresses might be stuck and couldn't be aged and deleted. Due to this issue, could have impact on layer 2 traffic forwarding and the customer service.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1406242 QFX5200/5100 might not be able to send out control plane traffic to the peering device
Product-Group=junos
On all QFX5200/5100 platforms, the router might not be able to send out control plane traffic to the peering device along with "Failed to allocate 16384 DMA memory" messages. All the routing protocols running over the affected interfaces will be down due to this issue, and therefore it impacts the service.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1418152 The rpd crash might be seen after changing the OSPF/OSPF3 interface bandwidth
Product-Group=junos
In OSPF/OSPF3 scenario, "set interface unit bandwidth" or ae member-links down/up may change the value of "OSPF reference bandwidth/interface bandwidth", then trigger rpd crash.
PR Number Synopsis Category: multicast source distribution protocol
1454244 The rpd memory might leak in a certain MSDP scenario
Product-Group=junos
In the Multicast Source Discovery Protocol (MSDP) scenario, where the router acts as both Rendezvous Point (RP) and First Hop Router (FHR), connecting to another RP in its AS with a logical loop topology, due to this special setup, it might cause a source-active (SA) message continuously to loop and eventually causes the rpd memory leak.
PR Number Synopsis Category: Resource Reservation Protocol
1505834 The rpd process might crash with RSVP configured in a rare timing case
Product-Group=junos
On all Junos platforms running with the Resource Reservation Protocol (RSVP) configured, when some socket error happens, RSVP might be unable to send message, however the counter for sent messages has already been increased due to the software design defect. The wrong counter might lead to the rpd process crash. It's a rare timing issue and it might be more likely to happen in a scaled scenario.
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1491968 FPCs might stay down or restart when swapping MPC7/8/9 with MPC10/11 or vice versa in the same slot
Product-Group=junos
In MX240/MX480/MX960 routers with SCB3E or MX2010/2020 with SFB3 scenario, if MPC7E/8E/9E is swapped with MPC10E/11E each other or vice versa in the same slot, the different encoding mode between two MPCs might cause SCB3E/SFB3 to not change the mode gracefully according to the new MPC type inserted. This causes fabric destination errors which can trigger fabric healing mechanisms and cause system-wide impact due to fabric planes and FPCs getting reset. [TSB17748]
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1354757 Newly provisioned IPsec tunnel could not forward traffic
Product-Group=junos
Newly provisioned IPsec tunnel may not forward traffic. This issue gets triggered in certain specific condition wherein the RE daemon(kmd) processes the Outside MS-IFL UP event followed by Inside MS-IFL UP event. Normally, kmd receives Inside MS-IFL UP event followed by Outside MS-IFL UP event and this is one of the main reason that this issue is very hard to reproduce.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1102367 MS-MIC, MS-MPC might generate coredump upon receiving fragmented traffic
Product-Group=junos
On MX Series routers where MS-MIC or MS-MPC is inserted, certain combinations of fragmented packets might lead to an MS-MIC or MS-MPC coredump.
1489942 Prolonged flow-control might happen on MX platforms with MS-MPC/MS-MIC
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled.
PR Number Synopsis Category: MPC7/8/9 chassis issues
1380183 MQSS errors might cause FPC restart.
Product-Group=junos
On EX9200, MX platform with MPC7E/8E/9E, MX204/MX10003/MX10008/MX10016, a physical interface link flaps continuously might cause MQSS errors which might cause the restart process of FPC for fault handling, and packets drop might be seen during the self-recovery process.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1441816 Egress stream flush failure and traffic blackhole might occur
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, and MPC9E cards.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1348753 Chassisd memory leak issue on MX10003 and MX204 platform and it would cause eventual chassisd crash and RE switchover.
Product-Group=junos
Chassisd process running on MX10003 and MX204 platform will be leaking memory. Memory leak happens as long as chassisd is working and there is no way to stop leaking. This would cause eventual chassisd crash and RE switchover.
1436832 The device may not be reachable after a downgrade from some releases
Product-Group=junos
It is possible that there are multiple processes try to access CB FPGA concurrently. This can lead to the system hung state immediately after bootup. This fix makes "alarmd" process retries if it failed to gain access to the FPGA. This will prevent alarmd to hang the router during boot-up.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1474231 QSA adapter Lane 0 port might be also brought down when disabling one of the other lanes
Product-Group=junos
When QSA adapter is installed, the Lane 0 port might be also in down state when disabling one of the other lanes (1, 2 or 3) due to the chan number not entertained. It is not expected behaviour and it might affect service.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1401808 FPC core files due to a corner case scenario (race condition between RPF, IP flow).
Product-Group=junos
In a subscriber management deployment where the Reverse-Path-Forwarding (RPF) check and MAC check is enabled, a race condition might cause software failure and resulted in a Flexible PIC Concentrator (FPC) to restart.
1414145 FPC crash might be observed if it reaches heap utilization limit.
Product-Group=junos
In a subscriber management environment, FPC crash may be observed if it reaches heap utilization limit along with continuously subscriber login in, this is due to a code defect which fails to report this condition accurately, then because of this failure further subscriber login in is allowed, which further causes FPC crash.
PR Number Synopsis Category: Trio pfe qos software
1418602 FPC log messages: "Q index(xxxxx) is not allocated"
Product-Group=junos
The cause of the messages is a race condition. For each IFL, IFLSET or IFD object, HALP statistics module reads stats values from hardware for the individual queues. HALP stats module is implemented as a separate stats thread and while stats thread is waiting, PFEMAN thread may assign different queues to the IFL/IFLSET/IFD object. After stats thread gets CPU back, before reading HW for the next queue, stats thread needs to validate that queue is still applicable, which fails if we see the message. The messages are harmless and can be ignored.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1412457 Ethernet MAC addresses may not be learnt after performing the "clear bridge mac table"
Product-Group=junos
An LU-base MPC may not learn Ethernet MAC address after the "clear bridge mac table" command is issued. Examples of LU-based MPC are the MPC2/3/4 and MPC-3D-16XGE
1505465 Traffic convergence failed with ICL failure case
Product-Group=junos
LACP State machine will not converge to CD on PEER device, Because of which traffic drop is seen on DUT.
PR Number Synopsis Category: Trio pfe multicast software
1478981 The convergence time for MVPN fast upstream failover might be more than 50ms
Product-Group=junos
On MX platforms which act as Next Generation Mulicast Virtual Private Network (NG-MVPN) Provider Edge (PE) routers, if the hot-root-standby and sender-based-rpf features are configured to enable MVPN fast upstream failover, once the primary multicast flow rate falls below the configured "mvpn hot-root-standby min-rate rate" threshold, the egress PE router is supposed to take switchover action from the primary flows to the backup ones, and the covergence time should be within 50 milliseconds. Due to this issue, the covergence time might be more than 50ms and reach up to several seconds (e.g. 2~3s) in a highly scaled scenario (e.g. the number of the multicast groups undergoing the switchover simultaneously is greater than 250 groups). This will result in more traffic loss than expected.
PR Number Synopsis Category: web filterig issues
1481290 UTM websense redirect support IPv6 message.
Product-Group=junos
Websense-Redirect mode web-filter on SRX start to support IPV6 traffic after this fix
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1477821 Traffic blackhole for 248s might be seen when the AE member link on MPC10E with minimum-links configuration is brought down
Product-Group=junos
In VRRP over AE scenario, if AE is configured on MPC10 card with "minimum-links" knob, after bringing down the AE member links (when the active member link becomes lower than configured minimum link) on primary VRRP router, traffic blackhole for 248s is seen during VRRP mastership movement.
Modification History:
First publication 2020-05-26
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search