Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.4R3-S3: Software Release Notification for JUNOS Software Version 18.4R3-S3
Junos Software service Release version 18.4R3-S3 is now available.
NOTE: Know critical issue for EX Series. The Service Release Software for EX Series has been recalled. The issue caused by PR1510224 - Performing "request system zeroize" on an EX may brick the switch
Warning: With VPLS/Bridge-Domain environment, an MX/EX9200 Series router with Trio-based MPCs running software version 18.4R3-S3. The MPCs may experience NH memory leak in the PFEs when using integrated routing and bridging (IRB) interface participating in the VPLS/Bridge-domain instance.
PR Number | Synopsis | Category: DOT1X |
---|---|---|
1462479 | EX-4600-EX-4300: Mac entry missing in Ethernet-Switching table for Mac-radius client in server fail scenario when tagged is sent for 2 client Product-Group=junos |
In case of server_fail scenario, When tagged traffic is sent for first client MAC learning happen for both data and voice. But for second client on same interface learning happening only for voice. Because vlan is already added for an interface due to first client authentication process. |
1504818 | EX2300-48MP :: Client did not receive captive-portal success page by downloading the ACL parameter as Authentication failed Product-Group=junos |
In case of captive-portal, Authentication is getting failed for captive portal user when we receive filter from radius for that user. This issue has seen only with config captive portal with radius filter when dot1x stanza is not present. |
PR Number | Synopsis | Category: EX2300/3400 VC |
1461554 | RTG link faces nearly 20 sec down during backup node rebooting Product-Group=junos |
On VirtualChassis (VC) setup with Redundant Trunk Groups (RTG) enabled, nearly 20 sec down is observed at RTG link during node reboot. The issue is seen when the rebooted target FPC0 is working as the backup. This issue might cause traffic loss of about 20 seconds. |
PR Number | Synopsis | Category: NFX LTE Software |
1507165 | tunnels are down in GWR, after jdm image upgrade from D497.1 to 18.4R3-S2 porter 2 image Product-Group=junosvae |
tunnels are down in GWR, after jdm image upgrade from D497.1 to 18.4R3-S2 porter 2 image |
PR Number | Synopsis | Category: QFX Access control list |
1499918 | Traffic drop might be observed after modifying FBF firewall filter Product-Group=junos |
On QFX5K platforms, after making changes in filter-based forwarding (FBF) firewall filter that is configured with multiple terms or different routing instances, traffic drop might be observed. |
PR Number | Synopsis | Category: QFX PFE L2 |
1499422 | The FPC will go down when 100G link comes up on the network port of the QFX5110-48S device Product-Group=junos |
On the QFX5110-48S device running on Junos 19.3R2-S2, 18.2R3-S3 or 18.2R3-S4, the FPC will go down when the 100G link comes up on the network port. This leads to FPC up and down every 90 seconds. During the problem state running CLI "show chassis fpc detail" will not yield any output for upto 90sec. user@device> show chassis fpc detail. <-------- Empty Once FPC state transition back to online state, the 100G transceivers gets detected and fpc flap is seen again. This behavior is seen continuously as long as 100G transceivers remain connected to the QFX device in question. If 100G interfaces gets disabled from CLI or physically removed from the QFX switch, the FPC flap will no longer be seen. Note: This issue is not applicable when 100G-QSFP is used as a VCP port on QFX5110-48S. |
PR Number | Synopsis | Category: MPC Fusion SW |
1463859 | The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps Product-Group=junos |
If any MIC of type MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog for CPU on Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger the MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally the excessive interface flapping won't happen frequently in the real-world and it may be caused due to the external environment. This fix will reduce the impact and prevent the uKern hog when having such conditions. The fix for this issue causes a regression as documented in TSB17782 and PR1508794 which affects interfaces with "WAN-PHY" framing. |
PR Number | Synopsis | Category: common or misc area for SRX product |
1434592 | Fabric link monitoring is not resetting the secondary node FPC after recovering from fabric link failure Product-Group=junos |
The cluster is stuck in the CS(Cold Sync monitoring ) status after recovering from fabric link failure. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1499977 | The rpd may crash if the import policy is changed to accept more routes that exceed the teardown function threshold Product-Group=junos |
On all platforms with BGP max-acceptance prefix limit (accepted-prefix-limit with teardown action) configured, the rpd crashes may occur when a policy change causes the number of routes being imported cross the configured threshold value and teardown action is being performed by the router. |
PR Number | Synopsis | Category: Class of Service |
1470252 | Syslog error cosd[10290]: LIBCOS_COS_ATTRIBUTE_RETRIEVE_FAILED: FAILED to retrieve cos field (cos_fc_defaults_0_fc_no_loss) Product-Group=junosvae |
Class-of-service forwarding class default fields are missing in the schema file resulting in error log LIBCOS_COS_ATTRIBUTE_RETRIEVE_FAILED |
PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
1498023 | The l2ald memory leak may be observed in any EVPN scenario Product-Group=junos |
In any EVPN scenario (e.g. active-active multi-homing mode, active-standby multi-homing mode, EVPN-VxLAN, or EVPN-MPLS), the l2ald (Layer 2 Address Learning Daemon) memory may slowly come up when the local CE or core face interfaces continuously flap. If the memory of l2ald is exhausted, it will cause the l2ald to crash. |
1502357 | The VXLAN function might be broken due to a timing issue after the change in PR 1495098 Product-Group=junos |
After the change in PR 1495098 (currently the affected release is 18.4R3-S2), the VXLAN function might be broken due to a timing issue. It is not recommended to use VXLAN with the affected release. |
PR Number | Synopsis | Category: Express PFE FW Features |
1432116 | The FPC might crash when a firewall filter is modified Product-Group=junos |
In QFX10K/PTX series platforms, if a firewall filter with multiple match conditions is configured on interfaces which are Up and the firewall filter is modified (either a new action is added or the condition is added/removed etc.), the FPC might crash and restart. It might affect the service/traffic. |
PR Number | Synopsis | Category: Integrated Routing & Bridging (IRB) module |
1436924 | IRB over VTEP unicast traffic might get dropped on EX9200/MX platforms Product-Group=junos |
On EX9200/MX platforms running as Provider Edge (PE) nodes in Ethernet Virtual Private Network (EVPN) and Virtual extension LAN (VxLAN) scenario, if the enhanced-ip mode is enabled for chassis configuration, and the EVPN routing instance is configured with Integrated Routing and Bridging (IRB) interface, the unicast traffic which is sent through IRB over Virtual Tunnel End Point (VTEP) might get dropped since it couldn't get routed towards core network due to this issue. [TSB17770] |
PR Number | Synopsis | Category: Security platform jweb support |
1502657 | The J-Web users might not be able to configure PPPoE using PPPoE wizard Product-Group=junos |
On SRX platform with J-Web service enabled, when PPPoE wizard is used for configuring an interface for PPPoE, the DHCP pool Name is required but the pool list is not displayed and the configuration doesn't get completed. This issue is seen when the backend software is not able to fetch the DHCP pool details. |
PR Number | Synopsis | Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS) |
1493699 | [subscriber_services] [all] JDI_BBE_REGRESSIONS: DHCP subscribers not coming up as expected after deactivating vcp port Product-Group=junos |
In 20.1R1, for MX-VC platforms, setting or deleting a VC port causes other VC ports on the same FPC/MIC slot to bring link state down for a few seconds, possibly interrupting communication with the other member chassis. |
PR Number | Synopsis | Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
1475851 | [Tencent] ULC-30Q28 FPC major error after system boot up or fpc restart Product-Group=junos |
FPC is reporting Major Error because of SHUTDOWN ERI failure during BIST with repair on HMC having FW version >= 0x9c. BIST with repair is incorporated during boot up, so this Major Error will be reported during boot up having FW>=0x9c on HMC. During debugging, its found that this ERI is getting issued even before the HMC was brought up which is resulting into this Error. So added bringup steps for HMC before the BIST procedure starts as done for vale-ptx. |
PR Number | Synopsis | Category: QFX Control Plane Kernel related |
1421250 | A vmcore is seen on QFX VC Product-Group=junos |
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed. |
1421250 | A vmcore is seen on QFX VC Product-Group=junosvae |
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed. |
PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
1423201 | SFP-LX10 stay down until disable auto-negotiate Product-Group=junosvae |
SFP-LX10 stay down until disable auto-negotiate. |
PR Number | Synopsis | Category: QFX platform optics related issues |
1497947 | lcmd core seen on QFX5210064C Product-Group=junosvae |
The LCMD process is the Linux Chassis Management Management Daemon. Due to a bug in the I2C handling in the daemon, a core dump may be seen. There is no specific user-visible trigger for the core dump and you may see several erroneous alarms when the core dump occurs. These should clear after the daemon automatically restarts |
PR Number | Synopsis | Category: RPD Interfaces related issues |
1383246 | The chassisd might crash due to HW-DB errors on TVP based platforms Product-Group=junos |
On platforms of the ToR Velocity Program (TVP) in rare cases, HW-DB errors might be seen if the device has been up for a long time. This might cause chassisd crash. If GRES is not enabled, it might cause service impact. (HW-DB is a structure where FRU information is stored. Normally it updates when a message from FRU arrives for the first time. But due to this bug, every message gets appended to the HW-DB. After a a very long run, heap overflow happens.) |
PR Number | Synopsis | Category: multicast source distribution protocol |
1485206 | There might be rpd memory leak in a certain looped MSDP scenario Product-Group=junos |
On all Junos platforms running in the Multicast Source Discovery Protocol (MSDP) scenario, if there are multiple overlapping mesh groups existing in the topology, for example, node A and B belong to mesh group M, node A and D belong to mesh group N, while node B and D belong to a different mesh group O, the Source Active (SA) messages sent from node A might get continously looped due to this issue. This might lead to the rpd memory leak and 100% CPU utilization. |
PR Number | Synopsis | Category: platform related PRs on SRX branch platforms |
1497956 | Traffic interruption happens due to MAC address duplication between two Junos devices Product-Group=junos |
On Branch SRX series, traffic interruption might happen if an AE interface is configured, due to MAC address duplication with other Junos devices. For the reason is that the MAC address allocation for the AE interfaces of a Branch SRX will start from out of the local public pool range, and this MAC is most likely used for anther Junos device which is in the same Layer 2 broadcast domain. Note: 1. Each Junos device has its own local MAC range. And a MAC address consists of 6 groups of hexadecimal numbers, the first 3 groups are fixed as the vendor identifier, and the last 3 groups are available for Junos devices. with this, each Junos device takes a short segment from the available address range as the local MAC address range. 2. Public MAC pool VS private MAC pool in a device, the main difference is the penultimate binary bit in the first group (belongs to vendor identifier group), "0" indicates public, "1" for private. 3. Junos usually allocates MAC addresses from the private pool for the first 16 AE interfaces and MAC from the public pool for the 17th AE. (But Branch SRX series is an exception, which has no private pool) |
PR Number | Synopsis | Category: MX10003/MX204 MPC defects tracking |
1491970 | User configured MTU might be ignored after the ISSU upgrade using "request vmhost software in-service-upgrade" Product-Group=junos |
User configured MTU might be ignored after the ISSU upgrade using "request vmhost software in-service-upgrade" if MTU is configured more than 9192. |
PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
1440676 | FPC might stuck in 100% CPU utilization due to GRES and multiple daemon's continuous restart on MX platform Product-Group=junos |
On MX series routers, in some situations when too many statistics (e.g. show interfaces queue) need to be collected from the Packet Forwarding Engine level at the same time, the bulk manager thread of the FPC microkernel level might be continuously busy and cause permanent 100% FPC CPU utilization. The issue is seen on a subscriber setup when continuous GRES ( Graceful Routing Engine Switchover) is performed with multiple daemons(PFED, STATSD, SMGD ect) restart. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1468663 | JNH memory leaks might be seen after CFM session flap for LSI/VT interfaces Product-Group=junos |
JNH memory leak may be seen when CFM session over the VPLS LSI interface/VT interface flaps if mip-half-function is used. |
PR Number | Synopsis | Category: ESWD |
---|---|---|
1192520 | GARPs being sent from the switch once in 10 minutes Product-Group=junos |
GARPs were being sent whenever there is a mac (fdb) operation (add or delete). This is now updated to send GARP when interface is UP & l3 interface attached to the vlan. |
PR Number | Synopsis | Category: EX2300/3400 PFE |
1462155 | The fxpc crashes due to PFEMAN_RT thread and BCM linkscan thread get into a deadlock Product-Group=junosvae |
In certain conditions, PFEMAN_RT thread and BCM linkscan thread get into a deadlock causing watchdog timeout. |
PR Number | Synopsis | Category: QFX Access control list |
1497133 | Firewall filter could not work in certain conditions under VC setup Product-Group=junos |
On EX4650/QFX5120 with Virtual Chassis setup, the firewall filter (egress direction) could not work when traffic goes across VCP (Virtual Chassis Port) link. |
PR Number | Synopsis | Category: MPC Fusion SW |
1508794 | MPC2E/3E NG: WAN-PHY interface continuously flaps with default hold-time down of 0 Product-Group=junos |
On MX-series routers with MPC2E or MPC3E NG line cards, 10GE interface configured with WAN-PHY framing may flap continuously if the hold-down timer is set to 0 (which is the default). |
PR Number | Synopsis | Category: Border Gateway Protocol |
1481589 | The rpd process might crash with BGP multipath and route withdraw occasionally Product-Group=junos |
In BGP multipath scenario on all Junos platforms, if original active/best BGP multipath routes got flapped occasionally, some routes, which are changed from best routes to alternative now, are removed from the BGP multipath route list, but its multipath flag are not cleared, due to some temporarily incorrect route reorder in BGP. And when the currently active route got withdrawn for some reason, and the original best routes again become the best routes then rpd might hit an assert and crash. |
PR Number | Synopsis | Category: Class of Service |
1470252 | Syslog error cosd[10290]: LIBCOS_COS_ATTRIBUTE_RETRIEVE_FAILED: FAILED to retrieve cos field (cos_fc_defaults_0_fc_no_loss) Product-Group=junos |
Class-of-service forwarding class default fields are missing in the schema file resulting in error log LIBCOS_COS_ATTRIBUTE_RETRIEVE_FAILED |
PR Number | Synopsis | Category: DNX L2 related features |
1461485 | SW:Rio-X NPI:Platforms: ACX5448-D Interfaces and Optics support: sometimes during the bring up of AE interface there are ARP resolution issue Product-Group=junos |
Arp issue is seen with AE :When one member of AE is removed and also when device is rebooted with AE configuration. |
PR Number | Synopsis | Category: jpppd daemon |
1488302 | MPLS VPN label can poin on discard next-hop after RE switchover without NSR if egress interface is pp0 Product-Group=junos |
After RE switchover without non-stop routing (NSR) on the brodband network gateway (BNG) some VRF routing instances may experience blackholing for traffic destined to the hosts behind static PPPoE subscrier's CPE device. The affected routing instances are configured without 'vrf-table-label' knob and should have static route configured with pp0.xxx interface as a next-hop like: user@router> show configuration routing-instances TEST instance-type vrf; interface pp0.1000; route-distinguisher 65000:1000; vrf-target target:65000:1000; routing-options { static { route 10.0.0.0/24 next-hop pp0.1000; <<<< } } |
PR Number | Synopsis | Category: Flow Module |
1489276 | GRE/IPSec tunnel might not come up when 'set security flow no-local-favor-ecmp' command is configured Product-Group=junos |
On SRX or vSRX clusters, when 'set security flow no-local-favor-ecmp' is configured, GRE/IPSec tunnel might not come up. |
PR Number | Synopsis | Category: User Firewall related issues |
1499090 | Don't use capital characters for source-identity when using "show security match-policies" cmd. Product-Group=junos |
When using "show security match-policies" cmd to match a policy with source-identity configured, only the non-capital source-identity name can be matched by policy. |
PR Number | Synopsis | Category: Layer 2 Control Module |
1505710 | The l2cpd crash might be seen if adding/deleting ERP config and then restart l2cpd Product-Group=junos |
If adding/deleting "protocols protection-group ethernet-ring" (ERP) config along with restarting l2cpd, the l2cpd crash might be seen, the l2cpd process will not recover again and it would be coring continuously. |
PR Number | Synopsis | Category: Multicast Routing |
1470183 | The mcsnoopd might crash when the STP moves the mrouter port to the blocked state Product-Group=junos |
On ACX, EX, QFX, NFX and SRX platform, when IGMP snooping is enabled and a logical interface (IFL) of mrouter port is in blocked state by Spanning Tree protocol (STP), removal of the IFL might get stuck in Kernel routing table (KRT), which causes mscnoopd crash. Traffic loss will happen during mscnoopd self-restart. |
PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
1394978 | The DRAM and Buffer utilization fields are not correct for QFX platforms Product-Group=junos |
"show chassis fpc" command displays a wrong amount of available memory on a QFX's FPCs. |
1394978 | The DRAM and Buffer utilization fields are not correct for QFX platforms Product-Group=junosvae |
"show chassis fpc" command displays a wrong amount of available memory on a QFX's FPCs. |
PR Number | Synopsis | Category: QFX L2 PFE |
1475005 | On QFX platforms the system might stop new MAC learning and have impact on layer 2 traffic forwarding Product-Group=junos |
On QFX platforms, if there are a lot of MAC moves, the system might stop new MAC learning and lots of old MAC addresses might be stuck and couldn't be aged and deleted. Due to this issue, could have impact on layer 2 traffic forwarding and the customer service. |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1505834 | The rpd process might crash with RSVP configured in a rare timing case Product-Group=junos |
On all Junos platforms running with the Resource Reservation Protocol (RSVP) configured, when some socket error happens, RSVP might be unable to send message, however the counter for sent messages has already been increased due to the software design defect. The wrong counter might lead to the rpd process crash. It's a rare timing issue and it might be more likely to happen in a scaled scenario. |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1489942 | Prolonged flow-control might happen on MX platforms with MS-MPC/MS-MIC Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC, if there are lots of self-generated packets like TCP-tickle and UDP-logging, there might be data congestion on the data path due to no throttling functionality for such types of packets. When the data path is blocked, prolonged flow-control might happen with the service interfaces being brought down and the PIC reboot. At the same time, the mspmand core file will be generated if dump-on-flow-control is enabled. |
PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
1436275 | Link flapping with QSFPP-4X10GE-LR on MX204/MX10003 or MPC7E/8E/9E Product-Group=junos |
On MX Series routers with MPC7E, MPC8E, or MPC9E installed, if optics QSFPP-4X10GE-LR (Part number 740-054050) is used, the link might flap. |
PR Number | Synopsis | Category: MX10003/MX204 Platform SW - Chassisd s/w defects |
1315577 | MX10003 : Despite of having all AC low PEM alarm is raised. Product-Group=junos |
An alarm is raised if mixed AC PEMs are present. This occurs because the criteria for checking whether mixed AC is present was changed. If the PEM is AC(HIGH) the first bit of pem_voltage is set, and if it is AC(LOW) the second bit of pem_voltage is set. So if both first and second bit are set, then mixed AC is present. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1439068 | With 19.2, the EVPN-VXLAN Packets egressing IRB may get dropped with traps when there are multiple PFEs involved Product-Group=junos |
With Junos OS Release 19.2R1, the EVPN-VXLAN packets egressing IRB might get dropped with traps when there are multiple Packet Forwarding Engines involved. |
1497203 | The unicast traffic to destination reachable over IRB will be dropped due to PFE mis programming Product-Group=junos |
On MX Series routers with Trio chip set based MPCs,Unicast traffic will get dropped when the destination is reachable over an integrated routing and bridging (IRB) interface participating in the EVPN instance. |
PR Number | Synopsis | Category: VMHOST platforms software |
1349373 | FPCs may reboot continuously until the Routing Engine reboot Product-Group=junos |
On a next-generation Routing Engine (NG-RE), a failure of the Hardware Random Number Generator (HWRNG) will leave the system in a state where there is not enough entropy available to operate. Please refer to TSB17734(http://kb.juniper.net/InfoCenter/index?page=content&id=TSB17734) for more details. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search