Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.3R3-S8: Software Release Notification for JUNOS Software Version 17.3R3-S8

0

0

Article ID: TSB17811 TECHNICAL_BULLETINS Last Updated: 25 Jun 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, VRR, and VMX
Alert Description:
Junos Software Service Release version 17.3R3-S8 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 17.3R3-S8 is now available.

17.3R3-S8 - List of Fixed issues

PR Number Synopsis Category: Software build tools (packaging, makefiles, et. al.)
1417345 The JSU package installation may fail
Product-Group=junos
In a specific scenario, the JSU (Junos OS selective upgrade) package installation on a router which has JET (Juniper Extension Toolkit) package installed may fail due to "Operation not permitted" error. This issue does not impact service and traffic.
PR Number Synopsis Category: DOT1X
1462479 EX-4600-EX-4300: Mac entry missing in Ethernet-Switching table for Mac-radius client in server fail scenario when tagged is sent for 2 client
Product-Group=junos
In a server-fail scenario, when tagged traffic is sent for the first client, MAC learning happens for both data and voice. But for the second client on the same interface, learning happens only for voice. This is because the VLAN is already added for an interface due to first client authentication process.
PR Number Synopsis Category: L2NG RTG feature
1461293 MAC addresses learned on RTG may not be aged out after aging time
Product-Group=junos
MAC addresses learned on redundant trunk group (RTG) might not be aged out after aging time if the source interface is configured as RTG.
PR Number Synopsis Category: EX9200 Platform
1467459 The MAC move message may have an incorrect "from" interface when MAC moves rapidly
Product-Group=junos
On the EX2300/3400/4300/4600/9200 platform, in some cases, if MAC moves rapidly, traffic might be impacted and the MAC move message might have an incorrect "from" interface.
PR Number Synopsis Category: EX2300/3400 PFE
1448071 Unicast arp requests are not replied with no-arp-trap option.
Product-Group=junos
When unicast arp request is received by EX3400/QFX5100 switch and it is configured with "set switch-options no-arp-trap option", the arp request may not be replied. This has been fixed and unicast ARP request will be replied even with "set switch-options no-arp-trap option" configuration.
PR Number Synopsis Category: Platform-side analytics for QFX
1456282 Telemetry traffic might not be sent out when telemetry server is reachable through different routing-instance
Product-Group=junos
On QFX Series switches (except for QFX10000) with Jvision enabled, the telemetry traffic might be locally dropped when the egress interface to the telemetry server is a part of non-default routing-instance.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1459201 The MC-LAG configuration-consistency ICL-config might fail after committing some changes
Product-Group=junos
When adding VLANs to an MC-LAG interface, the configuration-consistency ICL-config might fail after committing the changes. Resulting in a failure to add VLANs and a disabled MC-LAG interface.
1488681 MC-LAG consistency check fails if multiple IRB units are configured with same VRRP group
Product-Group=junos
Multichassis Link Aggregation Group (MC-LAG) configuration consistency check fails if the same VRRP group identifier is used for multiple IRB units configuration on the local and remote MC-LAG peers. The fix of this PR corrects the defect and makes the MC-LAG consistency check pass as expected.
PR Number Synopsis Category: QFX PFE L2
1467466 Few MAC addresses might be missing from MAC table in software on QFX5k platform.
Product-Group=junos
On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1308611 The FPC might crash when implicit filter chaining is attached to an interface
Product-Group=junos
When implicit filter chaining (two or more implicit filters are attached to the same interface) is attached to an interface, in race condition, FPC might crash. For example, on the loopback interface, there is a default DDOS implicit filter exist, so add another implicit filter (e.g. attach a BFD session) to the loopback interface might trigger this issue.
1437943 The IPv4 fragmented packets might be broken if PTP transparent clock is configured
Product-Group=junos
When Precision Time Protocol (PTP) transparent clock is enabled, PTP adds the residence time to the Correction Field of the PTP packets as they pass through the device. On QFX5K platforms with PTP transparent clock enabled, the IPv4 fragmented packets of UDP datagram might be broken by PTP in some rare scenario, and the corrupted packets will be discarded by system. This issue has traffic impact.
1460791 JDI-RCT : QFX 5100 VC/VCF : Observing Error brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) after ISSU with Mini-PDT base configurations
Product-Group=junos
"multicast stats related errors like " brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running)" will be observed during ISSU and these messages are harmless and does not affect multicast functionality".
1487707 CPU port queue gets full due to excessive pause frames being received on interfaces, this causes control packets from the CPU to all ports to be dropped
Product-Group=junos
On QFX5000 platforms (QFX5100/QFX5110/QFX5120/QFX5200/QFX5210) with point-to-point multi-link scenario, when the switch ingress buffer saturation happens, all interfaces on multi-link stop sending traffic at the same time.
PR Number Synopsis Category: ACX MPLS
1449681 Layer 2 circuit with a "backup-neighbor" (hot-standby) configured may stop forwarding traffic after failovers.
Product-Group=junos
On ACX platforms, if the "backup-neighbor" is configured with the "hot-standby" parameter, then l2circuit may stop passing traffic if the master path is down and back up again (l2circuit switchovers from the master path to the backup path, then moves back from the backup path to the master path).
PR Number Synopsis Category: "agentd" software daemon
1455384 Agentd memory may leak and crash when RPD session closing without releasing memory on PTX or MX
Product-Group=junos
On PTX and MX, agentd memory may leak and crash because its memory leaking happens when the internal communication is broken between agentd and rpd.
PR Number Synopsis Category: MPC Fusion SW
1463859 The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps
Product-Group=junos
If any MIC of type MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog for CPU on Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger the MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally the excessive interface flapping won't happen frequently in the real-world and it may be caused due to the external environment. This fix will reduce the impact and prevent the uKern hog when having such conditions. The fix for this issue causes a regression as documented in TSB17782 and PR1508794 which affects interfaces with "WAN-PHY" framing.
PR Number Synopsis Category: BBE interface related issues
1440872 The layer2 dynamic VLAN might be missed when an interface is added or removed for an AE interface
Product-Group=junos
On MX-Series platform with dynamic VLAN configuration for subscriber management, if a physical interface is added or removed for an Aggregated Ethernet (AE) interface and if dynamic VLAN is enabled on AE interface, some of the dynamic layer2 interfaces might be deleted from the Packet Forwarding Engine (PFE), but not from bbe-smgd. This will cause the subscriber under the AE interface to be deleted.
PR Number Synopsis Category: BBE OS Infrastructure library
1414333 DHCP/DHCPv6 subscribers might fail to establish sessions on PowerPC based MX platforms
Product-Group=junos
On MX5/10/40/80/104 platforms running with Dynamic Host Configuration Protocol version 4/version 6 (DHCPv4/v6) subscribers, if large-scale subcribers (e.g. around 3500 in total) try to establish sessions simultaneously from multiple access interfaces, the DHCPv4/v6 sessions might always fail to set up due to this issue. As a result, the session set up rate would be much lower than expected.
PR Number Synopsis Category: BBE Resource monitoring related issues
1431566 Subscribers coming from new IFDs might not login in due to 512 entries limit in the subscriber-limit table.
Product-Group=junos
On MX platforms, in subscriber management scenario, if the 512 entries are exhausted in the subscriber-limit table, the subscribers which come from new IFDs might not login in.
PR Number Synopsis Category: Border Gateway Protocol
1387720 BGP sessions might keep flapping on backup Routing Engine if proxy-macip-advertisement is configured on IRB interface for EVPN-VXLAN.
Product-Group=junos
In EVPN+VXLAN scenario, if proxy-macip-advertisement is configured on IRB (Integrated Routing and Bridging) interface for the EVPN (Ethernet VPN), the BGP sessions might flap on backup RE even the system is shown ready for the hitless switchover, hence there might be traffic loss after GRES switchover if BGP sessions are down on backup RE at the time of GRES switchover.
1414021 The rpd gets stuck in a loop while doing the multipath calculation which leads to the high CPU usage
Product-Group=junos
In BGP with the indirect next-hop scenario, if uRPF is enabled, and then enable BGP multipath, a background job loop might be formed and the CPU utilization of rpd process might be stuck at 100%.
1437837 The rpd process crash might be observed if leaking multi-pathed BGP routes from routing-instance to another routing table
Product-Group=junos
This issue applies to Junos platforms with BGP multipath configured under a routing-instance and a RIB group is deployed to leak routes from that routing-instance to another routing table. "rpd" may restarts unexpectedly when performing multipath calculation operations for the secondary routes - (such as, removing the rib-groups/bouncing BGP neighbor under routing-instance.) The secondary routes refer to the second RIB in a RIB (Routing Information Base) group.
1461602 The rpd scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup
Product-Group=junos
In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event.
1472671 The rpd process might crash with BGP multipath and damping configured
Product-Group=junos
On all Junos platforms running with Border Gateway Protocol (BGP), if both BGP multipath and BGP damping are configured, it might happen that, when the active route, for example r1, is withdrawn but it is not really deleted due to damping, then BGP might be unable to find its original gateway when the route r1 is relearned and becomes the best route again. It will lead to the rpd process crash.
1473351 Removing cluster from BGP group might cause prolonged convergence time
Product-Group=junos
Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss.
1482551 The rpd might be crashed after BGP peer flapping
Product-Group=junos
On all Junos platforms, with BGP long-lived graceful restart (LLGR) or BGP route dampening configuration, The rpd might be cored after BGP peer flapping. This is a day-1 issue.
1487691 High CPU utilization might be observed when the outgoing BGP updates are sending slowly
Product-Group=junos
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725)
1487893 The process rpd may generate soft cores after "always-compare-med" is configured for BGP path-selection
Product-Group=junos
If a manually configured RIB group or an automatically generated RIB group (through "family inet labeled-unicast resolve-vpn") is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the rpd process might continuously generate soft core files after "protocols bgp path-selection always-compare-med" is configured.
PR Number Synopsis Category: Cassis pfe microcode software
1380566 FPC Errors might be seen in subscriber scenario
Product-Group=junos
In subscriber scenario, if the"service-accounting-deferred" is configured on dynamic-profile, and there is multicast to a large number of destinations on the same physical port, the FPC Errors might be seen.
1459698 Silent dropping of traffic upon interface flapping after DRD auto-recovery.
Product-Group=junos
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event follows by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM based MPCs (3E 4E 5E 6E 2E-NG 3E-NG).
1464820 MPC5E/6E might crash due to internal thread hogging the CPU
Product-Group=junos
PR 1382182 (which is fixed in 16.2R3 17.1R3 17.3R3-S3 17.3R4 17.4R2-S3 17.4R3 18.1R3-S2 18.1R4 18.2R2 18.2X75-D40 18.3R2 18.4R1 19.1R1) introduced an improper code which could cause an internal thread to hog the CPU and eventually result in the MPC crash. It is a timing issue and affects MPC5E/6E.
PR Number Synopsis Category: MX Platform SW - FRU Management
1390016 The jnxFruState might show incorrect PIC state after replacing an MPC with another MPC having less PICs
Product-Group=junos
After replacing an MPC with another MPC having less PICs, for example MPC7E has only two PICs, and after MPC4E (which has 4 PICs) replacement with such card PICs 3 and 4 that were present in the system before will be reported as offline instead of not present if jnxFruState is polled.
1463169 The RE switchover may not be triggered when the master CB clock failure
Product-Group=junos
On the specific Junos platforms, the RE switchover may not be triggered when the master CB clock failure is detected. The master CB with faulty clock can't operate normally and this issue may cause fabric plane failure.
PR Number Synopsis Category: Class of Service
1428144 The host-inbound packets might be dropped if configuring host-outbound FC
Product-Group=junos
On all Junos platforms, if class-of-service host-outbound-traffic forwarding-class is configured and the FC (Forwarding Class) is with an implicit/explicit discard action in the firewall filter, the kernel might classify the host-inbound traffic to the same FC and being discarded.
1500250 MX with linecards using MPC1-Q/MPC2-Q might report memory errors
Product-Group=junos
MPC1-Q/MPC2-Q parity error might be detected within "QDR/RLD and Internal Memory" and invoking major alarm. The default action for major alarm is disable-pfe with JunOS version 17.3 or higher. Enhancements has been added to auto-correct parity errors within the static memory area and record the repair attempt. If repairing threshold is reached, Major Alarm is triggered.
PR Number Synopsis Category: L2NG Access Security feature
1478375 The process dhcpd may crash in a Junos Fusion environment
Product-Group=junos
On EX92XX platforms with the DHCP snooping configured, if a peer receives DHCPv6 packets from the server without the "client-id" option present, and it is syncing packets to the other side at that time, then the process dhcpd crash may be observed.
PR Number Synopsis Category: Firewall Filter
1450928 The ARP packets are getting dropped by PFE after chassis-control is restarted
Product-Group=junos
If bfd-liveness-detction is enable, chassis-control is performed, in a very rare situation, stale bfd implicit filter causes hostbound arp packet drop. Even if the chassis-control is finished, bgp neighbors still stuck as a result of arp resolution.
PR Number Synopsis Category: dhcpd daemon
1471161 DHCP relay with forward-only might fail to send OFFER messages when DHCP client is terminated on logical tunnel interface
Product-Group=junos
On all Junos platforms, when DHCP relay is configured with forward-only, and DHCP client is terminated on logical tunnel interface that multiple IFLs under this lt- interface have a same VLAN, DHCP relay might fail to send OFFER messages.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1421589 bbemg_smgd_lock_cli_instance_db should not log as error messages
Product-Group=junos
The "bbemg_smgd_lock_cli_instance_db: lock/unlock failed" messages are harmless and should not be considered as error:
PR Number Synopsis Category: dynamic dcd prs
1470622 Executing commit might hang up due to stuck dcd process
Product-Group=junos
When dynamic DHCP sessions are existing in the device, if multiple commits in parallel are performed, the commit might hang up.
PR Number Synopsis Category: EVPN control plane issues
1399371 When committing a configuration for a VLAN adding to an EVPN instance and an AE interface respectively the newly added VLAN interface count might be zero (0) in that bridge domain
Product-Group=junos
On all MX-Series platforms with EVPN supported, when committing a configuration for a VLAN adding to an EVPN instance and an AE interface respectively the newly added VLAN interface count might be zero (0) in that bridge domain and causes all the traffic in that VLAN to be blocked. However, if the two configurations are committed all together in one time, the interface count will be the correct number right after the committing.
1467309 The rpd might crash after changing EVPN related configuration
Product-Group=junos
In EVPN scenario without encapsulation type specified (the default EVPN encapsulation type is set to MPLS), if "vlan-id none" and "vni " is configured in EVPN instance, the rpd might crash after changing EVPN related configuration (such as set the encapsulation as vxlan or delete label-allocation scheme).
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1404857 EVPN database and bridge mac-table are out of sync due to the interface's flap
Product-Group=junos
If some interfaces flap faster on the remote PE, EVPN database and bridge mac-table might be out of sync on the local PE device. When this issue occurs, it may cause the impacted PE broadcasts packets to all the other PEs. And the broadcasted packets might cause traffic congestion which results in packet loss.
PR Number Synopsis Category: Issues related to EX MACsec
1469663 Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms
Product-Group=junos
On EX4600/QFX5100 platforms with MACsec configured, if traffic flows through the MACsec-enabled link, increase in framing errors or runts statistics might be seen in the "show interfaces extensive <>" command for the affected interface. Traffic loss might also happen due to this issue.
PR Number Synopsis Category: Express PFE FW Features
1462634 The sample, syslog, or log action in output firewall filters for packets of size less than 128 bytes might cause an ASIC wedge (all packet loss) on PTX platforms
Product-Group=junos
On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers.
1491575 BFD sessions start to flap when the firewall filter in the loopback0 is changed
Product-Group=junos
On PTX/QFX10000 Series platforms with large filter configuration (for example, one filter has more than 500 terms or one term has more than 500 filters) scenario, during the change operation of loopback0 filter, the BFD sessions start to flap.
PR Number Synopsis Category: Express PFE L2 fwding Features
1399369 CPU hog may be observed on PTX/QFX10000 Series platform
Product-Group=junos
On PTX/QFX10000 series platform, CPU hog on PFC may be observed if the adaptive feature is enabled to load-balance for an AE interface.
PR Number Synopsis Category: PTX Express ASIC interface
1412126 PTX Series device interface stays down after maintenance.
Product-Group=junos
On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment.
PR Number Synopsis Category: Interface Information Display
1301858 Reported same IFD KV by two different sensors
Product-Group=junos
The duplicate keys have been removed from being exported by IFD:PFE, they will only be exported by MIB2D now.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1448325 The rpd process might crash if BGP is activated/deactivated multiple times
Product-Group=junos
On all Junos platforms running with Border Gateway Protocol (BGP) configured with "rib-sharding" and "update-threading", if scaled number of BGP peers are established, when BGP is activated/deactivated for multiple times, and BGP neighbor sessions are cleared repeatedly on all the BGP speakers in the network, the rpd process might crash due to this issue.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1474300 A newly added LAG member interface might forward traffic even though its micro BFD session is down
Product-Group=junos
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue.
PR Number Synopsis Category: Optical Transport Interface
1429279 After member interface flapping, aggregated Ethernet interface remains down on 5X100GE DWDM CFP2-ACO PIC.
Product-Group=junos
On 5X100GE DWDM CFP2-ACO PIC on PTX series platforms, if any AE member interface flaps, the AE interface might stop receiving the LACP RX packets and fail to come up. It can be recovered by disabling/enabling the AE interface.
PR Number Synopsis Category: ISIS routing protocol
1455432 The rpd might crash continuously due to memory corruption in ISIS setup
Product-Group=junos
With ISIS configured and in a very rare case, memory corruption may occur, this may cause rpd crash continuously.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1483834 FTPS traffic might get dropped on SRX Series or MX Series platforms if FTP ALG is used.
Product-Group=junos
On SRX Series or MX Series platforms with FTP ALG enabled, if there are more than one FTPS connection between a pair of FTP client and server, the closure of one connection might cause other connections between that pair of FTP client and server to be affected, hence there might be traffic impact. It is a rare timing issue.
PR Number Synopsis Category: Firewall Authentication
1475435 SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637)
Product-Group=junos
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy; Refer to https://kb.juniper.net/JSA11018 for more information.
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: Layer 2 Circuit issues
1498040 The l2circuit neighbor might be stuck in RD state at one end of MG-LAG peer
Product-Group=junos
In MC-LAG scenario, if the l2circuit is configured with primary-neighbor/backup-neighbor over the MC-LAG link and the l2ckt (l2ciruits control daemon for pseudowire) session of the primary-neighbor/backup-neighbor is flapped continuously (such as clear neighbor ldp and ospf etc), one of the remote neighbors may be stuck in RD (the remote pseudowire neighbor is down) state due to race condition between VC (virtual circuit) state update timer and L2ckt intf state change timer. Then, that pseudowire might be down, the traffic might be impacted if the RD pseudowire is not up.
PR Number Synopsis Category: Layer 2 Control Module
1473610 ERP might not come up properly when MSTP and ERP are enabled on the same interface.
Product-Group=junos
When both MSTP and ERP are enabled on the same interface, then ERP does not come up properly.
PR Number Synopsis Category: mc-ae interface
1447693 The l2ald might fail to update composite NH
Product-Group=junos
This is a timing issue where the l2ald receive underlay NH from rpd as part of LSI IFF ADD (VPLS core NH) and creates flood NH. Due to a flap at local IFL or core (VPLS etc.), the l2ald receives multiple LSI IFF Add and Delete in some order. In some sequence where rpd delete underlay NH from Kernel Forwarding table but the l2ald still create flood NH with this underlay NH, because IFF delete is yet to be received at the l2ald, so l2ald might fail to update Composite NH. This is generic L2 issue and can happen without mc-ae.
PR Number Synopsis Category: Platform issues specific to MS-MIC (XLP)
1384830 Major Errors - XM Chip Error code: 0x701ca" seen after OIR of MIC's
Product-Group=junos
When a MIC is removed without being off-line from the MPC2E NG/MPC3E NG line card, the MPC2E NG/MPC3E NG card will report "Major Error" with the error id "XM Chip Error code: 0x701ca".
PR Number Synopsis Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1429797 Extended Ukern thread(PFEBM task) priority to support BBE performance tuning
Product-Group=junos
Original PFEBM task, which is system-critical for internal network performance/resilience, was running a medium priority; Can see tnp queue errrors by 'show pfebm all' on VCP-bearing FPC when high rate of punt traffic (like ARPs or BGP route updates, etc.) which go through VC links. It needs to run at high priority to assure timely packet handling.
PR Number Synopsis Category: Multiprotocol Label Switching
1497641 The rpd might crash when SNMP polling is done using OID "jnxMplsTeP2mpTunnelDestTable"
Product-Group=junos
In a very rare P2MP with SNMP scenario, if the OID "jnxMplsTeP2mpTunnelDestTable" is polled by SNMP, the rpd (Routing Protocol Daemon) might crash since the relevant value is empty on the device and SNMP can not walk it at that time.
PR Number Synopsis Category: Multicast for L3VPNs
1460625 The rpd process might crash due to memory leak in "MVPN RPF Src PE" block
Product-Group=junos
In NG-MVPN scenario with multiple multicast sources, the rpd process might crash due to memory leak in "MVPN RPF Src PE" block.
PR Number Synopsis Category: Fabric Manager for MX
1338647 An enhancement for better accuracy on the drop statistic of the command "show class-of-service fabric statistics"
Product-Group=junos
The output of the CLI command show class-of-service fabric statistics now calculates traffic that was dropped because of internal errors in the fabric forwarding path.
PR Number Synopsis Category: Neo Interface
1400825 A 10-Gigabit Ethernet interface may not come up if it has the "link-down" configured in the low-light scenario
Product-Group=junos
On MX platform, on a link which both ends have 10G Ethernet interfaces with "link-down" action configured when a low light condition is detected on one 10G interface and goes down, the link will end up in a "dead-lock" state. This condition will remain even after link restoration.
PR Number Synopsis Category: Track Mt Rainier RE platform software issues
1408480 The alarm 'Mismatch in total memory detected' is observed after issuing "request reboot vmhost routing-engine both".
Product-Group=junos
Alarm 'Mismatch in total memory detected' is observed after reboot vmhost both.
PR Number Synopsis Category: Kernel Composite Next Hop (composite / l3vpn) Infrastructure
1287956 Not following the guideline of rebooting entire chassis after changing chassis network-services configuration can cause vmcore and crash of FPCs/routing-engines on chassis.
Product-Group=junos
When configuration at hierarchy [edit chassis network-services] is changed a reboot of chassis is needed to avoid any unexpected behavior. One such behaviour is an assest condition due to issues in nexthop allocation leading to vmcore and reboot of FPCs/REs on the chassis. This PR introduces changes to handle such assert conditions gracefully and to avoid FPC/RE crash. The guideline of rebooting the entire chassis when configuration change is made is still valid.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1146891 The knob of "set system ports console log-out-on-disconnect" may not work
Product-Group=junos
"set system ports console log-out-on-disconnect" does not work.
PR Number Synopsis Category: "ifstate" infrastructure
1486161 Kernel core might be seen if deleting an ifstate
Product-Group=junos
On all Junos platforms, some operations such as configuration change may cause state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and RE (Routing Engine) restart. There is no specific trigger, this issue is reported by the configuration change.
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1493053 Backup RE might crash unexpectedly due to a rare timing issue
Product-Group=junos
The backup Routing Engine might crash unexpectedly due to a rare timing issue during a route churn in the network.
PR Number Synopsis Category: PFE Peer Infra
1448858 Interface attributes might cause high CPU usage of dcd
Product-Group=junos
When the interface attributes are configured, this configuration might cause an error in the IRSD (IRSD syncing errors) and lead the CPU usage of dcd spike up. The convergence time of this interface will be impacted.
PR Number Synopsis Category: Kernel socket data replication issues for protocols that use
1472519 The kernel may crash and vmcore may be observed after configuration change is committed
Product-Group=junos
On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure.
PR Number Synopsis Category: TCP/UDP transport layer
1449664 FPC might reboot with vmcore due to memory leak
Product-Group=junos
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files.
PR Number Synopsis Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software
1484255 FPC might crash when dealing with invalid next-hops
Product-Group=junos
On a PTX3000 or PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next hop composed of several unicast next-hops), an FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period.
PR Number Synopsis Category: PTX5KBroadway based PFE IPv4, IPv6 software
1479789 Multicast routes add/delete events might cause adjacency and LSPs to go down
Product-Group=junos
In PTX5000 platform with (FPC2-PTX-P1A | FPC-PTX-P1A), or PTX3000 with FPC-SFF-PTX-P1-A, with PIM/MVPN scenario, The adjacency relationships of routing protocols and LSPs might go down if add/delete some multicast routes (which can be achieved by flapping interface or protocol) ). It is because that though the routes are deleted, its counter for statistic will not be removed from Junos resulting in memory block for counter exhaustion. And due to the exhaustion, any protocols that are sharing the same memory scope might fail to allocate its own counter, which eventually causes protocol adjacency and LSPs to go down. [TSB17747]
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1419727 The vMX might be deployed unsuccessfully on ubuntu 16.04 server for the first time
Product-Group=junos
In the scenario of deploying the vMX on the KVM based platforms (ubuntu 16.04), The vMX orchestration scripts setup up hugepages required for the vMX. The libvirt will use this hugepages to deploy the vMX. Then libvirt will be restarted so that the system can allocate resources (hugepages) to libvirtd. Sometimes system takes time to allocate these resources and hence the vMX might fail to be spawned by the orchestration scripts. The issue might not happen when the vMX is deployed for the second time.
PR Number Synopsis Category: VMX wrlinux changes
1386903 vFPCs are in "Offline" and "Unresponsive" caused by RIOT processes fail to allocate buffer memory during start up
Product-Group=junos
vFPCs on a VMX -- especially in LITE mode -- show as "---Unresponsive---". In the LITE mode, these vFPCs could be running in a 32-bit mode. In the 32-bit mode, the amount of buffer memory (mbuf) is limited to 1G. The limit causes vFPC to not being able to come up -- caused by failing to allocate memory during its startup.
PR Number Synopsis Category: PTP related issues.
1421811 PTP might not work on MX104 if phy-timestamping is enabled
Product-Group=junos
On MX104 platform with any 2-port license installed on 10G interfaces and phy-timestamping enabled in PTP, PTP might not work.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1449406 CRC error might be seen on the VCPs of the QFX5100 VC
Product-Group=junos
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC.
1449406 CRC error might be seen on the VCPs of the QFX5100 VC
Product-Group=junosvae
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC.
PR Number Synopsis Category: QFX Control Plane Kernel related
1421250 A vmcore is seen on QFX VC
Product-Group=junos
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
1421250 A vmcore is seen on QFX VC
Product-Group=junosvae
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1402852 File permissions are changed for /var/db/scripts files after reboot
Product-Group=junosvae
On newer QFX5K switches(QFX5K switch with qfx-5e image), file permissions are changed for /var/db/scripts files after reboot. This can impact scripts running on the box.
1449977 FPC does not restart immediately after rebooting the system. That might cause packet loss
Product-Group=junosvae
On QFX10008 and QFX100016 switches, the traffic drop occurs after rebooting the system due to the time delay in rebooting the FPC.
1471216 The speed 10m might not be configured on the GE interface
Product-Group=junos
On QFX5100 and EX4300 mixed-mode Virtual Chassis, the speed 10m might not be configured on the GE interface.
PR Number Synopsis Category: QFX PFE Class of Services
1453512 The classifier configuration doesn't get applied to the interface in an EVPN/VXLAN environment
Product-Group=junos
On QFX5100/QFX5110/QFX5120/QFX5200/QFX5210 Series platforms with an EVPN/VXLAN scenario, the classifier might not be applied to the interface successfully and all traffic flows in the best-effort queue.
PR Number Synopsis Category: FIP snooping, FIP
1325408 Syslog message ERROR l2cpd[X]: ppmlite_var_init: iri instance = 36736
Product-Group=junos
The error message "ppmlite_var_init: iri instance = 36736" is harmless and gets trigger whenever interface-speed is changed.
PR Number Synopsis Category: QFX L2 PFE
1473685 The RIPv2 packets forwarded across a L2circuit connection might be dropped
Product-Group=junos
When RIPv2 routes are received on a QFX5100/EX4600 platforms, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets.
PR Number Synopsis Category: QFX MPLS PFE
1474935 L2circuit might fail to communicate via VLAN 2 on QFX5K platforms
Product-Group=junos
On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE.
PR Number Synopsis Category: QFX EVPN / VxLAN
1473464 QFX5K: "global-mac-table-aging-time" behavior with Multi homed EVPN VXLAN ESI
Product-Group=junos
When MAC change notification comes from L2 address learning daemon to PFE, PFE will handle this as MAC addition. That will cause the reset of MAC age timer in all FPC's of VC members in multi homed EVPN VXLAN-ESI cases. As part of MAC change HIT SA (Source Address) bits are wrongly programmed and leads to restart of the MAC age timer. So, MAC was aging in 3rd iteration and leading to this issue.
PR Number Synopsis Category: QFX VC Infrastructure
1414492 VC Ports using DAC may not establish link on QFX5200
Product-Group=junos
On QFX5200, when virtual-chassis is configured, if the QSFP configured as VCP is removed and then inserted, VC Ports using direct attach copper (DAC) may not establish link.
PR Number Synopsis Category: KRT Queue issues within RPD
1485800 krt-nexthop-ack-timeout may not automatically be picked up on rpd start / restart
Product-Group=junos
In some circumstances, primarily when rpd is being restarted. The value for krt-next-hop-ack-timeout may not automatically be picked up. This can be checked by checking the output of "show krt acknowledgement" and examining the value of "Kernel Next Hop Ack Timeout".
1501817 Traffic blackhole might be seen in fast-reroute scenario
Product-Group=junos
From Junos release 17.2R1-S8 the session fast-reroute is enabled by default in PFE (Packet Forwarding Engines). In the platform using unilist (one kind of indirect next-hop) as route next hop type for multiple paths scenario (such as BGP PIC or ECMP), if BGP PIC or ECMP-FRR is used, In case of that the version-id of session-id of indirect next-hop (INH) is above 256, PFE might not respond to session update and hence it might cause the session-id permanently to be stuck with the weight of 65535 in PFE. It might lead PFE to have a different view of UNILIST against load-balance selectors. Then, the BGP PIC and the ECMP-FRR might not work properly, the traffic blackhole might be seen.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1406070 The rpd might crash or duplicated routes might be seen if doing configuration change with BGP multipath and flapping routes
Product-Group=junos
On all platforms, if doing configuration change (with BGP multipath) and flapping the IGP/LDP/RSVP routes simultaneously, the rpd crash or duplicated routes might be seen.
PR Number Synopsis Category: RPD policy options
1450123 The rib-group might not process the exported route correctly
Product-Group=junos
The rib-group with a policy that matches route next-hop can fail to add the route to the secondary routing table when matched route next-hop is changed to another one and then referred back again after some time. This issue has traffic impact as the exported route will lose in the secondary routing table.
1453439 Routes resolution might be inconsistent if any route resolving over the multipath route
Product-Group=junos
On all Junos platforms, any route resolving over the multipath routes, one scenario is BGP over BGP. After the metric value of any PNH (refers to the second PNH and using it to perform the second time next-hop resolving) changes, meanwhile, if the hash-selection changes happened, it might result in routes resolution inconsistency. Traffic drops could be observed if the packages are still forwarding to the old PNH (Protocol Next Hop). Any recursive resolving multipath scenario might trigger this issue.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1418152 The rpd crash might be seen after changing the OSPF/OSPF3 interface bandwidth
Product-Group=junos
In OSPF/OSPF3 scenario, "set interface unit bandwidth" or ae member-links down/up may change the value of "OSPF reference bandwidth/interface bandwidth", then trigger rpd crash.
1421076 RPD crash might occur when changing prefix list address from IPv4 to IPv6
Product-Group=junos
RPD crash might occur when changing a prefix-list address from IPv4 to IPv6 with "replace-pattern"
PR Number Synopsis Category: Resource Reservation Protocol
1476773 RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router
Product-Group=junos
If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact.
PR Number Synopsis Category: jflow/monitoring services
1439630 Sampling might return incorrect ASN for BGP traffic
Product-Group=junos
In a BGP scenario with sampling enabled, incorrect ASN (autonomous system number) might be returned for the traffic originated from an internal prefix. This is because some AS paths and routes don't hold the latest information in the message buffers that srrd (sampling route-record daemon) uses to send to the clients.
PR Number Synopsis Category: Sangria Platform including chassisd, RE, CB, power managemen
1471178 A PTX5K SIB3 might fail to come up in slot 0 and/or slot 8 when RE1 is master.
Product-Group=junos
A PTX5K SIB3 might fail to come up in slot 0 and/or slot 8 when RE1 is master.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1464020 The mspmand might crash when stateful firewall and RPC ALG used on MX platforms with MS-MIC/MS-MPC
Product-Group=junos
On MX platforms with MS-MIC/MS-MPC, when stateful firewall is configured with "application junos-dce-rpc-portmap" and RPC ALG is enabled (both Sun RPC and MS-RPC), the mspmand might crash continuously (about every 15 or 20 minutes).
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1463015 The EA WAN SerDes gets into a stuck state, leading to continuous DFE tuning timeout errors and link staying down.
Product-Group=junos
The interfaces on certain MX platforms might get stuck in a down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal.
PR Number Synopsis Category: Stout PF fabric (SFB2)
1461356 Traffic might be impacted because the fabric hardening is stuck
Product-Group=junos
Fabric hardening (FH) is the process of controlling bandwidth degradation to prevent traffic black hole. When FH is processing, if SFB/SCB get failure, FH process will be stuck, which will get traffic lost.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1436832 The device may not be reachable after a downgrade from some releases
Product-Group=junos
The master routing-engine on an MX10003 may hang during a reboot after a software upgrade or downgrade. The back-up roting-engine does not subject to the same software issue.
PR Number Synopsis Category: Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1449427 On certain MPC line cards, cm errors need to be reclassified.
Product-Group=junos
Cm errors on certain MPC line cards are classified as major which should be minor or non-fatal. If these errors are generated, it might get projected as a bad hardware condition and therefore trigger Packet and Forwarding Engine disable action.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1476786 Traffic loss may be observed to the LNS subscribers in case the "routing-service" knob is enabled under the dynamic-profile
Product-Group=junos
On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers.
PR Number Synopsis Category: Trio pfe stateless firewall software
1427936 The policer bandwidth might be incorrect for the aggregate interface after activating the command 'shared-bandwidth-policer'.
Product-Group=junos
On MX Series with MPC, if an AE interface is with the filter of 'shared-bandwidth-policer' and the knob 'shared-bandwidth-policer' is deactivated, after activating the knob 'shared-bandwidth-policer', the policer bandwidth might be calculated as 0 and all traffic might be dropped for the AE interface.
1433034 The FPC might crash when the firewalls filter manager deals with the firewall filters
Product-Group=junos
In some corner scenarios (e.g. the IGP neighbor flaps on the IFL configured with the firewall filters), the crash of FPC might be observed if the firewalls filter manager (DFW) deals with the filters of the interface.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1491091 MAC malformation might happen in a rare scenario under MX-VC setup
Product-Group=junos
On MX-VC setup, if traffic is going through a VCP (virtual chassis port) port and forwarding to an egress port to the destination, while the traffic is handled entirely by the same PFE, MAC malformation might happen.
PR Number Synopsis Category: Trio pfe multicast software
1478981 The convergence time for MVPN fast upstream failover might be more than 50ms
Product-Group=junos
On MX platforms which act as Next Generation Mulicast Virtual Private Network (NG-MVPN) Provider Edge (PE) routers, if the hot-root-standby and sender-based-rpf features are configured to enable MVPN fast upstream failover, once the primary multicast flow rate falls below the configured "mvpn hot-root-standby min-rate rate" threshold, the egress PE router is supposed to take switchover action from the primary flows to the backup ones, and the covergence time should be within 50 milliseconds. Due to this issue, the covergence time might be more than 50ms and reach up to several seconds (e.g. 2~3s) in a highly scaled scenario (e.g. the number of the multicast groups undergoing the switchover simultaneously is greater than 250 groups). This will result in more traffic loss than expected.
PR Number Synopsis Category: Issues related to port-mirroring functionality on JUNOS
1411871 Egress monitored traffic is not mirrored to destination for Analyzers on MX router
Product-Group=junos
Egress monitored traffic is not mirrored to destination for Analyzers on MX router
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1410322 The configuration database might not be unlocked automatically if the related user session is disconnected during the commit operation in progress
Product-Group=junos
Configuration database remains locked after stopping the SSH session.
1441795 Junos OS: Privilege escalation vulnerability in dual REs, VC or HA cluster may allow unauthorized configuration change. (CVE-2020-1630)
Product-Group=junos
A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. Refer to https://kb.juniper.net/JSA11010 for more information.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1401505 Command "show | compare" output on global group changes lose the diff context after a rollback or 'load update' is performed
Product-Group=junos
Command "show | compare" output displays the output in patch format. Changes in the global groups loses the context in the patch if a rollback or 'load update' is performed. The context loses until the commit is performed. This issue can be resolved by using fast-diff option.
1464439 The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface
Product-Group=junos
If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function.
PR Number Synopsis Category: PTX/QFX100002/8/16 platform software
1464119 An FPC might restart during runtime on PTX10000 or QFX10000 lines of devices.
Product-Group=junosvae
On PTX10000 or QFX10000 platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions.
PR Number Synopsis Category: VMHOST platforms software
1436201 ifHCInOctets counter on AE interface going to ZERO value when snmp mib walk execute.
Product-Group=junos
Customer found ifHCInOctets counter on AE interface going to ZERO when snmp gets those value via both CLI and remote snmp get commands.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1450652 Dual VRRP mastership might be seen after RE switchover ungracefully
Product-Group=junos
When VRRP works in distributed mode (ie. delegate-processing is enabled under VRRP) with more than 250 VRRP sessions, dual VRRP mastership might be observed after RE switchover ungracefully (e.g. master RE failure).
1454895 The VRRP traffic loss is longer than one second for some backup groups after performing GRES
Product-Group=junos
On all Junos OS platforms, configuring VRRP over the AE interface whose member physical interfaces belong to different PFE (packet forwarding engine), some backup VRRP groups traffic loss are observed longer than one second after performing GRES (graceful Routing Engine switchover). As the expectation is that the outage is subsecond.
 

17.3R3-S8 - List of Known issues

PR Number Synopsis Category: ESWD
1192520 GARPs being sent from the switch once in 10 minutes
Product-Group=junos
GARPs were being sent whenever there is a mac (fdb) operation (add or delete). This is now updated to send GARP when interface is UP & l3 interface attached to the vlan.
PR Number Synopsis Category: Kernel
1376362 The kernel crash when GRES configuration is enabled and committed
Product-Group=junos
Mid Scale Licenses (ML) is installed and GRES is not enabled in the chassis. This means, forwarding information base (FIB) scale would be 512k in master and 256k in backup. When the master RE is operating at scale beyond 256K (e.g 300K), Under this state, once GRES configuration is enabled and committed, a ksyncd core and a vmcore can be seen on backup RE.
PR Number Synopsis Category: EX4300 PFE
1369461 ex4300 : firewall filter applied on L3 interface is not counting eBGP packets
Product-Group=junos
firewall filter applied on L3 interface cannot count eBGP packets eBGP packets comes with ttl=1 so they cannot hit the interface filters. We can catch ttl=1 packets only on loopback filter. Ttl=1 packets are not treated as routable packets. This is an expected behavior in case of ttl=1.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1454764 ARP reply unicast packets might be flooded to all interfaces in the vlan
Product-Group=junos
Flooding of ARP reply unicast packets is seen as a result of an ARP request sent for the device's VRRP MAC address. The ARP reply, which is flooded in the VLAN by the device, has the correct DMAC of the originator of the ARP request. In other words, the ARP reply is flooded but with the correct unicast DMAC. The ARP reply is not broadcasted. It is independent of MCLAG and VRRP scenario.
PR Number Synopsis Category: QFX PFE L2
1339348 On QFX platforms the Q-in-Q encapsulated IFL interface shows all statistics as zero
Product-Group=junos
Statistics at the logical level (IFL) are not supported in QFX platforms for layer 2 interfaces. This limitation is not specific to service-provider or enterprise style configuration. It is valid for all layer 2 interfaces, trunk or access.
1447333 Packet might be dropped on QFX5100/QFX5200/EX4600
Product-Group=junos
On QFX5100/QFX5200/EX4600, in Junos 18.1 release, if there are multiple layer 3 sub interfaces on multiple interfaces, packet might be dropped when multiple layer 3 subinterface config added and rollbacks happens.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1407175 JDI-RCT : QFX-5100 VC/VCF : Observed Error BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(),128:l3 nh 6594 unintsall failed in h/w with Mini-PDT base configurations
Product-Group=junos
On QFX5100 Virtual Chassis or Virtual Chassis Fabric, when the mini-PDT-base configuration is issued, the following error message is seen in the hardware: BRCM_NH-,brcm_nh_bdvlan_ucast_uninstall(), 128:l3 nh 6594 unintsall failed. There is no functionality impact because of this error message.
1443507 IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present
Product-Group=junos
On all Junos platforms which are enabled with MultiChassis Link Aggregation Group (MC-LAG), if there are multiple Integrated Routing and Bridging (IRB) interfaces present, and the Inter Chassis Link (ICL) is also connected over an IRB interface, when both MC-LAG peers have not learnt link-local addresses and IPv6 ping is firstly initiated from the remote peer, the Neighbor Solicitation (NS) packet might take ICL path and couldn't get answered properly.
1444845 CRC errors might be seen on QFX5100-VC
Product-Group=junos
In QFX5100 Virtual Chassis(VC) scenario, if the VC connections are disconnected for any reason, like rebooting the switch or pulling out the optical module, the CRC errors and packets loss might be seen when the VC connections resume working again. Due to the VCP ports are not getting initialized properly.
1459329 OSPF stuck at Exchange state for lag interfaces in a QFX5100-EX4300 mixed VC setup whose child members belong to EX4300 after Rebooting VC.
Product-Group=junos
OSPF stuck at Exchange state for lag interfaces in a QFX5100-EX4300 mixed VC setup whose child members belong to EX4300 after Rebooting VC.
1475825 IPv6 NA (ff02::1 - All node multicast) is not forwarded through QFX5110-VC with IRB.
Product-Group=junos
IPv6 NA packets are being dropped on FPC2 due to incorrect filter (icmpv6-nd) is hit which has drop action. IPv6 NA packets must hit -ipv6_linklocal dynamic filter. -ipv6_linklocal filter is not hit because InPorts qualifier is incorrect.
1485612 FPC may go to "NotPrsnt" state after upgrading with non-tvp image in VC/VCF setup
Product-Group=junos
On EX4600/QFX5100 platform, there are two types of PIC (Physical Interface Card). The first one is PIC with the integrated PHY capability (called PHYLESS). The second one is PIC with an external PHY capability (called PHY). If VCPs (Virtual Chassis Port) are configured on external PHY capability PIC(s), the FPC(s) might go to "NotPrsnt" state after upgrading with non-tvp image in VC/VCF setup. The affected FPC(s) cannot be used to forwarding traffic.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1076943 SNMP MIB walk/get/set on jnxDomCurrentTable and jnxDomNotifications might fail on ACX platforms
Product-Group=junos
SNMP MIB walk/get/set on jnxDomCurrentTable and jnxDomNotifications might fail on ACX platforms while relevant CLI shows proper output.
PR Number Synopsis Category: ACX MPLS
1488614 Local switching in VPLS in ACX does not carry the inner vlan with input-vlan-map pop and output-vlan-map push operation
Product-Group=junos
In VPLS local switching scenario, the packet can never be double tagged even if we have a push operation in output vlan map. As it is a Product limitation.
PR Number Synopsis Category: "agentd" software daemon
1363199 Streaming telemetry data might not be received by one client when two clients subscribe to the same path with same frequency at the same time.
Product-Group=junos
Streaming telemetry data might not be received by one client when two clients subscribe to the same path with same frequency at the same time. This is because there could be a potential race condition for sensor ID allocation.
PR Number Synopsis Category: MPC Fusion SW
1508794 A Regression issue introduced by PR1463859 causing WAN-PHY interface continuously flaps with default hold-time down of 0
Product-Group=junos
PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configuring with the WAN-PHY framing with the default "hold-down" timer (0). Once upgrading a router to an affected software release, the interface may flap continuously. This is not applicable to an interface with the default framing - LAN-PHY.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1424635 RE kernel crashes may be seen in EVPN scenario when proxy arp is enabled
Product-Group=junos
In EVPN scenario when proxy arp is enabled and the lowest 3 bytes of irb logical interface's address are zero, RE kernel crashes may be seen if IPv6 address is configured on irb logical interface and then got removed.
1451959 Junos OS: MX Series: Crafted packets traversing a Broadband Network Gateway (BNG) configured with IPv6 NDP proxy could lead to Denial of Service (CVE-2020-1633)
Product-Group=junos
Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11012 for more information.
PR Number Synopsis Category: BBE interface related issues
1480154 commit check is needed for vlan-overlap configuration
Product-Group=junos
commit check is needed for vlan-overlap config
PR Number Synopsis Category: MIBs related to BBE
1476596 The bbe-mibd might be crashed on MX platform in subscriber enviroment
Product-Group=junos
On all MX platform with subscirber enviroment, when about 600 subscribers on line and Simple Network Management Protocol (SNMP) query OID from IPv6IfTable only constantly, memory leaking with leaking size about 1KB each time might be happened. The bbe-mibd will be crashed as memory leaking size keep increasing. Broadband Edge (BBE) related Management Information Base (MIBS) would be affected during bbe-mibd self-restart.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1354409 AE interface and BFD session remain down after interface disable/enable
Product-Group=junos
With Bidirectional Forwarding Detection (BFD) configured on an aggregated Ethernet interface, if you disable/enable the aggregated Ethernet interface, then that interface and the BFD session might not come up.
PR Number Synopsis Category: Border Gateway Protocol
1265504 BGP MIBv2 enterprise MIB objects for InetAddress types not properly generating OIDs
Product-Group=junos
When generating SNMP traps or notifications for BGP events from the jnxBgpM2 MIB, Junos OS does not emit objects of type InetAddress with the expected length field. This will cause compliant SNMP tools to be able to parse the contents of those objects properly. In particular, the length field for the InetAddress OBJECT-TYPE is omitted. Using the set protocols bgp snmp-options emit-inet-address-length-in-oid command causes these objects to emit in a compliant fashion. Given the length of time that this error has been in place, it was decided to leave the existing non-compliant behavior in place to avoid breaking tools that had accommodated the existing behavior as the default.
1396344 Processing a large scale as-path regex will cause the flap of the route protocols
Product-Group=junos
When 'as-path-group' is configured under BGP, if a configuration with a large scale as-path regex is committed, the route protocols flap might be seen.
1432100 The "dead" next-hop might stay in the forwarding table in a BGP-LU scenario after the primary interface recovers
Product-Group=junos
In BGP Labeled Unicast (BGP-LU) scenario, if the device works as penultimate hop and receives BGP-LU routes with indirect next-hop from an egress router, after the operational next-hop interface corresponding to those labeled routes flaps, a "dead" next-hop type (discard action is performed for this type) may be set for the related clone routes (s=0) and still there even the next-hop interface is operational again.
1481589 The rpd process might crash with BGP multipath and route withdraw occasionally
Product-Group=junos
In BGP multipath scenario on all Junos platforms, if original active/best BGP multipath routes got flapped occasionally, some routes, which are changed from best routes to alternative now, are removed from the BGP multipath route list, but its multipath flag are not cleared, due to some temporarily incorrect route reorder in BGP. And when the currently active route got withdrawn for some reason, and the original best routes again become the best routes then rpd might hit an assert and crash.
PR Number Synopsis Category: BBE Remote Access Server
1402012 The authd crash might be seen due to a memory corruption issue
Product-Group=junos
In subscriber scenario, the authd might crash multi-times due to a memory corruption issue.
1402653 The subscribers might need to take login retry in the scenario with high usage of the address pool
Product-Group=junos
On all Junos platforms running in subscriber scenario with address pool configured, if the address pool has high usage so that only few addresses are free to allocate, when there are subscribers logout and login, the released address by one subscriber might get re-used and allocated to the other subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to take retry for login.
1449064 Subscribers login fails when PCRF server is unreachable
Product-Group=junos
In Gx-Plus for Provisioning Subscribers scenario, when the PCRF (Policy and Charging Rules Function) server is unreachable or the diameter protocol is down, the subscriber login might fail to successfully establish a session or the subscribers might fail to bind a service policy by Gx-Plus after the PCRF Server connectivity is restored.
PR Number Synopsis Category: Cassis pfe microcode software
1298161 FPC ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM error reported randomly
Product-Group=junos
In some MX Series deployments running Junos OS, random syslog messages are observed for FPC cards: "fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left". These messages are not an issue and might not have a service impact. These messages will addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored.
1303489 MPC Major alarm, with logs: XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8)
Product-Group=junos
In some scenarios with MPC, Major alarm and following messages are generated. this Major error is triggered due to parity error, and the impacted queue might drop packets,This might impact the forwarding, to recover MPC card need to be rebooted messages log: fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) alarmd[3158]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC x Major Errors Major alarm set, FPC x Major Errors fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) cli> show chassis alarms 1 alarms currently active Alarm time Class Description 2019-01-25 15:18:03 UTC Major FPC x Major Errors
PR Number Synopsis Category: MX Platform SW - UI management
1498538 SNMP polling does not show correct PSM jnxOperatingState when one of the PSM Inputs failed
Product-Group=junos
SNMP polling does not show correct PSM jnxOperatingState when one of the PSM Inputs failed or not exists
PR Number Synopsis Category: Class of Service
1359767 Configuring host-outbound-traffic under class of service might cause certain devices to stop.
Product-Group=junos
When host-outbound-traffic is configured under class-of-service on an affected platform, a corruption of the TTP packets related to class-of-service marking on the PFE can cause the device to repeatedly crash.
PR Number Synopsis Category: Firewall Filter
1473093 Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5
Product-Group=junos
On the MX platform with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1455465 The traffic loss might occur when application service is configured
Product-Group=junos
On vSRX3.0 platform, traffic loss might occur when application service is configured.
PR Number Synopsis Category: EVPN control plane issues
1362222 EVPN type-5 route might be lost if knob "chained-composite-next-hop ingress no-evpn" is configured
Product-Group=junos
In the scenario of EVPN type 5 route with MPLS encapsulation for EVPN-MPLS on MX Series platforms, if the "chained-composite-next-hop ingress no-evpn" statement is configured, the EVPN type 5 route might be lost in the EVPN routing table.
PR Number Synopsis Category: Express PFE FW Features
1312874 Discrepancy in 'show pfe filter hw summary" output in 17.2R1 release
Product-Group=junos
The "show pfe filter hw summary" command was displaying proper results in 17.2R1. This PR fixed the issue and the output will look like: regress@velit-r0> show pfe filter hw summary Slot 0 Chip Instance: 0 HW Resource Capacity Used Available --------------------------------------------------------- Filters 8191 2 8189 Terms 65536 81 65455 {master:0}
1372944 Junos OS: PTX1000 and PTX10000 Series, QFX10000 Series using non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot. (CVE-2020-1617)
Product-Group=junos
An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a Denial of Service (DoS) vulnerability being exploited when a genuine packet is received and inspected by non-AFT/AFI sFlow and when the device is also configured with firewall policers. Refer to https://kb.juniper.net/JSA11000 for more information.
1380917 FPC might crash on PTX or QFX10000 after lo0 filter change
Product-Group=junos
On PTX or QFX10000 platform with vmhost based FPC (i.e. PTX-FPC3, PTX1000), FPC crash might be seen after changing filter under lo0.
PR Number Synopsis Category: SRX1500 platform software
1403727 Throughput or latency performance of all traffic drops when TCP traffic is passing through the device.
Product-Group=junos
On vSRX, SRX1500, SRX4100,SRX4200 and SRX4600 platforms, when TCP Traffic is passing through the device for a certain period, throughput performance of all traffic is dropped about two thirds and latency performance of all traffic is increased up to around 20 ms.
PR Number Synopsis Category: PTX Express ASIC interface
1428307 Interface does not come up after interface flapping and FPC reboot
Product-Group=junos
In PTX with FPC3-PTX and QSFP28 PIC, or MX platforms with EA/ZT-chip based line cards, one of the interfaces on them might not come up after an interface of peer device flapping in short intervals and then restart the local FPC. Due to the BCM8238x chip of Broadcom with a wrong re-timer leading to the local interface remain in "down" state.
1445473 The PTX BCM firmware needs to be upgraded to DE2E
Product-Group=junos
On the PTX5000/PTX3000 router, the t6e-pic (15x100G PIC, 96x10G PIC) Broadcom firmware needs to be upgraded to DE2E through Junos software upgrade. The firmware upgrade process will take up to 5 minutes before the firmware upgrade complete interface will stay in downstate.
1453217 The 100G interface might not come up after flapping on PTX5000
Product-Group=junos
On PTX5000 Router, the 100-Gbps interface might not come up after flapping due to optic reliability issues.
PR Number Synopsis Category: PTX Express ASIC platform
1384435 An enhancement of optimizing the report to the single bit error check
Product-Group=junos
Due to transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary hardware replacements. This change applies to all Platforms using Hybrid Memory Controller (HMC).
PR Number Synopsis Category: Kernel software for AE/AS/Container
1370015 Kernel crash might be seen after committing demux related config
Product-Group=junos
In subscriber management scenario, if an AE interface is associated as the underlying-interface of a demux0 unit and both demux0 unit and AE unit (corresponding to the above AE interface) are configured with a duplicated VLAN id, kernel may crash after committing the config. Same core-dump may appear even in a non subscriber-management environment, while adding/modifying an IFL (Any logical link) which has the duplicate VLAN configuration or a bulk configuration.
1390367 Traffic destined to VRRP VIP gets dropped as filter is not updated to related logical interface
Product-Group=junos
On MX platform with enhanced-ip and VRRP configured, if remove/add a child link from AE bundles, traffic destined to VRRP VIP might be dropped.
1440033 Traffic loss is observed on newly added interfaces in AE on "MX and EX platforms"
Product-Group=junos
On MX and EX series devices that support the "enhanced-ip" feature and when the new interface is added to aggregated ethernet (ae), output traffic is observed as 0 on the existing member links. This is being observed due to software issues as wrong weights are being set for existing child interfaces in the AE bundle.
PR Number Synopsis Category: Optical Transport Interface
1297164 100-Gigabit Ethernet interfaces might not come up when "otn-options laser-enable" is configured on PTX Series platforms.
Product-Group=junos
On PTX3000/PTX5000 platforms with P1-PTX-2-100G-WDM Physical Interface Card (PIC), if "otn-options laser-enable" is configured, the 100G interfaces might not come up.
1475777 The interface on MIC3-100G-DWDM might be going down after performing an interface flap
Product-Group=junos
On MX with MIC3-100G-DWDM installed, after performing an interface flap, the interface on 100G DWDM MIC might be going down.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1461677 In EVPN scenario memory Leak might be observed when proxy-macip-advertisement is configured
Product-Group=junos
In EVPN scenario if "proxy-macip-advertisement" knob is configured, it might cause memory leak. Traffic would be impacted in case the memory leak is not stopped.
PR Number Synopsis Category: ISIS routing protocol
1482983 The output of CLI command of 'show isis interface detail' might be incorrect if 'wide-metrics-only' is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long
Product-Group=junos
If 'wide-metrics-only' is enabled for any IS-IS level and a metric configured on the IS-IS enabled interface for that level has ASCII representation in decimal more than 6 characters long, this interface's metric for that level will be merged with 'priority' field value in the output of 'show isis interface detail'.
PR Number Synopsis Category: track re issu control procedure bugs
1256113 Traffic disruption seen when secondary node FPCs come online
Product-Group=junos
On SRX Chassis cluster, Traffic disruption seen on primary node when secondary node FPCs come online
PR Number Synopsis Category: Flow Module
1465944 Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)
Product-Group=junos
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Refer to https://kb.juniper.net/JSA11014 for more information.
PR Number Synopsis Category: JSR Infrastructure
1445791 The show security flow session command fails with error messages when SRX4100 or SRX4200 has around 1 million routing entries in FIB.
Product-Group=junosvae
On SRX4100/SRX4200 platforms, once 1 million Routing Information Base (RIB)/Forwarding Information Base (FIB) routes entries are present on the device, an error might be returned after issuing "show security flow session" or other Command-Line Interface (CLI) which requires the information from Packet Forwarding Engine (PFE).
PR Number Synopsis Category: PFE infra to support jvision
1456275 Queue data might be missing from path '/interfaces/interface/state'
Product-Group=junos
On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic.
PR Number Synopsis Category: Layer 2 Control Module
1505710 The l2cpd crash might be seen if adding/deleting ERP config and then restart l2cpd
Product-Group=junos
Core files are generated if you add or delete ERP configuration multiple times and restarted l2cpd or rebooted the box. If this issue is happened, l2cpd does not recover again and generates core file continuously.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1492746 L2ALD memory leak observed in EVPN/VXLAN deployments
Product-Group=junos
Frequent changes in EVPN/VXLAN mac learning process may trigger L2ALD memory leak
PR Number Synopsis Category: AgentSmith MPC Platform
1433948 Interfaces on MPC-3D-16XGE-SFPP may go down due to CB0 clock failure
Product-Group=junos
On MX Series platforms, if the clock frequency is slowly changing on CB0 (slow drift), the clock source for MPC-3D-16XGE-SFPP may not be changed to CB1, which will cause interfaces on it to go down and remain in the downstate.
PR Number Synopsis Category: Multiprotocol Label Switching
1181407 Using CCC for remote-interface-switch or LSP-switch requires self-ping to be disabled
Product-Group=junos
When configuring CCC remote-interface switch or LSP switch, self-ping should be disabled on the LSPs, referred to in the CCC configuration, by configuring the following: [edit protocols mpls label-switched-path lsp1] + no-self-ping. If this configuration is not set, LSPs will not complete the make-before-break (MBB) process.
1406400 The rpd might crash when RSVP bypass path flaps
Product-Group=junos
In the MPLS-TE with RSVP scenario, in rare cases, when bypass path of RSVP goes down or comes up, CSPF re-calculation is triggered by this update event of state changing and rpd needs to try to remove/add this path from the TED (Traffic Engineering Database), but at that moment, the TED database corruption happens and that may cause the rpd crash.
1460283 Pervious configured credibility preference it is not considered by CSPF despite the configuration is deleted or changed to prefer another protocol in TED
Product-Group=junos
After configuring the credibility, the new credibility preference value will be stored internally and its not cleared or consider by the CSPF module, incase if the perviously configuration of "traffic-engineering credibility-protocol-preference" was deleted or if you configure "traffic-engineering credibility-protocol-preference" under another protocol (for example ISIS)
PR Number Synopsis Category: Multi Protocol Label Switch OAM
1399484 The rpd process might crash when executing "traceroute mpls bgp"
Product-Group=junos
When traceroute is performed to a remote host for an MPLS LSP using the command "traceroute mpls bgp", in very rare cases, it is possible that mplsoam daemon is holding the stale BGP instance handle in the query to the rpd process to get the information for the Forwarding Equivalence Class (FEC). Hence rpd crash might occur because of the invalid instance and cause traffic impact till rpd comes back up.
PR Number Synopsis Category: Multicast for L3VPNs
1442054 Memory leak might happen if PIM messages received over an MDT (mt- interface) in Draft-Rosen MVPN scenario
Product-Group=junos
On all Junos platforms configured in the Draft-Rosen Multicast Virtual Private Network (MVPN) scenario, if Protocol Independent Multicast (PIM) messages are received over an Multicast Distribution Tree (MDT) tunnel logical interface (mt- interface), there might be memory leak which will lead to the rpd process crash.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1442815 ARP resolution might fail after ARP HOLD NHs are added and deleted continuously.
Product-Group=junos
ARP (Address Resolution Protocol) address resolution might fail after ARP HOLD NHs (next-hop) are getting added and deleted from ARP entries continuously.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1198395 The /var/run is in storage file system but it should be in memory file system
Product-Group=junos
The /var/run is in the storage file system but it should be in the memory file system.
1360444 Error messages might be seen when the system boots up
Product-Group=junos
nfsd not running causing the core to fail to be written to the memory ms22 /etc/mount-re: Mounting 128.0.0.1:/var/tmp/pics on /var/re: mount_nfs failed/timed out Capture below to validate if you see the above logs. root@ms22% mount root@ms22% df -k
1367477 The FPC might go down on some vmhost based PTX/QFX platforms
Product-Group=junos
On PTX1000/PTX10001-20C/PTX10002-60C/QFX10002-60C, the Flexible PIC Concentrator (FPC) might reboot which might result in the FPC not coming up or the system becoming unresponsive.
1410542 The chassisd process might crash due to a thread locking defect
Product-Group=junos
The chassisd crash with core dump file might be seen if some error happens in chassisd syslog functionality. Traffic is impacted as FPCs are restarted.
1463802 The scheduled tasks might not be executed if "cron" daemon goes down without restart automatically
Product-Group=junos
The service utility "cron" runs in the background and regularly checks /etc/crontab for tasks to execute and searches /var/cron/tabs for custom crontab files. These files are used to schedule tasks which "cron" runs at the specified times. "cron" daemon is started during boot. If for some reason, the "cron" process exits, the scheduled tasks will not be executed. "cron" was not restarted automatically and had to be started manually.
PR Number Synopsis Category: "ifstate" infrastructure
1439906 FPC might reboot if jlock hog occurs on all Junos VM based platforms
Product-Group=junos
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot.
PR Number Synopsis Category: OSPF routing protocol
1489637 The rpd crashes when reset OSPF neighbours
Product-Group=junos
On all Junos platforms, if more than one million routes are installed into Open Shortest Path First (OSPF) routing table, also, either Nonstop Active Routing (NSR) or Graceful Routing Engine Switchover (GRES) with warm standby is enabled, rpd might crash on backup routing engine (RE) when OSPF neighbors are reset. This is a scaled issue. This issue could be recovered after rpd on backup RE self-restart.
PR Number Synopsis Category: PTX5KBroadway based PFE IPv4, IPv6 software
1254415 PTX FPC is reporting TQCHIP : Fatal error pqt_min_free_cnt is zero
Product-Group=junos
PTX Series platforms with the FPC-PTX-P1-A or FPC2-PTX-P1A line card might encounter a single event upset (SEU) event that can cause a linked-list corruption of the TQCHIP. The following syslog message is reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Junos OS Chassis Management Error handling does detect such condition, and raises an alarm and performs the disable-pfe action for the affected PFE entity. To recover this PFE entity, a restart of the FPC is needed. Soft errors are transient or non-recurring. FPCs experiencing such SEU events do not have any permanent damage. Contact your Juniper support representative if the issue is seen after a FPC restart.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1343170 The vFPC might get absent resulting in the total loss of traffic
Product-Group=junos
On the MX150 platform, the vFPC (virtual Flexible PIC Concentrator) might get absent and the l2cpd and chassisd might crash. Hence all the traffic is discarded.
PR Number Synopsis Category: PTP related issues.
1461031 The PTP function may hog kernel CPU for a long time
Product-Group=junos
If the PTP function is configured, the process ppmd may be starved due to the defect that PTP function hog kernel CPU for a long time (>100ms), which can cause the "keep-alive" of the corresponding functions timeout such as ppmd based functions - LFM, BFD.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1357971 Some harmless logs might be seen
Product-Group=junos
Due to a bug in Broadcom code for older SDK version 6.5.8 there is a possibility one could see errors related to "soc_ser_counter_info_get" and "ser mem info is not initialized" on "vty fpc0" logging. These messages are harmless and does not impact any functionality in Broadcom SDK.
1475851 [Tencent] ULC-30Q28 FPC major error after system boot up or fpc restart
Product-Group=junos
FPC is reporting Major Error because of SHUTDOWN ERI failure during BIST with repair on HMC having FW version >= 0x9c. BIST with repair is incorporated during boot up, so this Major Error will be reported during boot up having FW>=0x9c on HMC. During debugging, its found that this ERI is getting issued even before the HMC was brought up which is resulting into this Error. So added bringup steps for HMC before the BIST procedure starts as done for vale-ptx.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1409448 The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch
Product-Group=junos
When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes.
PR Number Synopsis Category: QFX PFE Class of Services
1445960 CoS classifier might not work as expected
Product-Group=junos
On QFX5000 Series platforms(except for the QFX5100) in the VxLAN scenario, the traffic is not classified properly on the UNI interface which has multiple VLANs configured.
1480522 QFX5100 VC : CoS ETS/Scheduler not getting applied on VCP Ports : CoS not getting programmed at PFE
Product-Group=junos
QFX5100 VC : CoS ETS/Scheduler config may not work on VCP Ports. Switch won't through a commit error on applying the CoS config on but VCP CoS won't get programmed at PFE. Issue resolved in 18.1R3-S9 & 17.3R3-S8.
PR Number Synopsis Category: QFX L2 PFE
1414213 QFX5K: EVPN / VxLAN: Mutlicast NH limit is 4K
Product-Group=junos
In QFX5K, multicast next hop limit is 4K. so based on the configuration, if there are more than 4K multicast NHs getting created, some of NHs won't be installed and you may see traffic drop for those groups.
1500825 On QFX5100, ERPS may not work correctly
Product-Group=junos
On QFX5100, ERPS may not work correctly on branch which as 1473610 fix, due to stp instance programming failure in hardware.
PR Number Synopsis Category: QFX VC Infrastructure
1394060 The unknown log frequently show up on VC console
Product-Group=junos
This issue is due to the DMA access. This issue was with the old BSD kernel and It is fixed on the latest BSD kernel .
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1439317 Packet drop might be seen on ACX Series platform when chained composite next hop is enabled for L3VPN.
Product-Group=junos
On ACX platform, packet drop might be noticed at Packet forwarding Engine (PFE) if chain composite for L3VPN is enabled in PE-PE directly connected scenario for those destinations that points to chain composite. The issue is seen when RPD ends up creating route pointing to chain composite instead of indirect nexthop for PE-PE directly connected.
PR Number Synopsis Category: Resource Reservation Protocol
1368177 RPD might restart after an MPLS LSP flap if "no-cspf" and "fast-reroute" are configured in an LSR ingress router.
Product-Group=junos
RPD may restart unexpectedly after an MPLS LSP flap when "no-cspf" and "fast-reroute" are configured in LSR ingress router
1401152 A single-hop bypass LSP might not be used for traffic when both transit chaining mode and sensor-based-stats are used.
Product-Group=junos
On JunOS platforms with transit chaining mode enabled, if Resource Reservation Protocol (RSVP) link/node protection is enabled and sensor-based-stats is used, a single-hop bypass label-switched path (LSP) nexthop might not be installed in forwarding information base (FIB) even it is in routing information base (RIB). Hence the single-hop bypass LSP will fail to forward traffic when needed.
PR Number Synopsis Category: SW PRs for SCBE3 fabric
1491968 FPCs might stay down or restart when swapping MPC7/8/9 with MPC10/11 or vice versa in the same slot
Product-Group=junos
In MX240/MX480/MX960 routers with SCB3E or MX2010/2020 with SFB3 scenario, if MPC7E/8E/9E is swapped with MPC10E/11E each other or vice versa in the same slot, the different encoding mode between two MPCs might cause SCB3E/SFB3 to not change the mode gracefully according to the new MPC type inserted. This causes fabric destination errors which can trigger fabric healing mechanisms and cause system-wide impact due to fabric planes and FPCs getting reset. [TSB17748]
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1354757 Newly provisioned IPsec tunnel could not forward traffic
Product-Group=junos
A newly provisioned IPsec tunnel may not forward traffic. This issue gets triggered in certain specific conditions wherein the RE daemon(kmd) processes the Outside MS-IFL UP event followed by Inside MS-IFL UP event. Normally, kmd receives Inside MS-IFL UP event followed by Outside MS-IFL UP event and this is one of the main reason that this issue is very hard to reproduce.
1444183 The kmd process might crash and restart with a kmd core file created if IP of NAT mapping address for IPsec-VPN remote peer is changed
Product-Group=junos
The kmd (Key Manager Daemon) process is mainly responsible for IPSec key negotiation. When IPsec-VPN peers enable Network Address Translation-Traversal (NAT-T) and established IKE SA (IPsec security associations) with Dynamic Endpoint (DEP) tunnel through the intermediate NAT device, the kmd might crash when IP of NAT mapping for IPsec-VPN remote peer is changed. The kmd crash may result in IPSec traffic loss. When kmd crashes, the established IPsec tunnel will not be affected, unless the IPsec SA re-negotiate happens to take place during the kmd restarting. For the new establishing IPSec tunnel, it cannot be established until kmd comes back up automatically. In rare cases, the kmd will restart, but it may crash again.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1102367 MS-MIC, MS-MPC might generate coredump upon receiving fragmented traffic
Product-Group=junos
On MX Series routers where MS-MIC or MS-MPC is inserted, certain combinations of fragmented packets might lead to an MS-MIC or MS-MPC coredump.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1366259 MS-MPC/MS-PIC might be crash in NAT scenario.
Product-Group=junos
MS-MPC/MS-PIC might be crash if two or more service sets configured with the same prefix lists and SIP ALG is configured in NAT scenario.
PR Number Synopsis Category: MPC7, MPC8, MPC9, SFB2, MRATE & 8x100 MICs
1354070 The log of "SMART ATA Error Log Structure error: invalid SMART checksum." might be seen on FPC with WINTEC mSata SSD
Product-Group=junos
The log of "SMART ATA Error Log Structure error: invalid SMART checksum." might be seen on FPC with WINTEC mSata SSD
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1441816 Egress stream flush failure and traffic blackhole might occur
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1336575 Random JUNOS MPC7|8|9E cards failed to start after software upgrade with PFE syslog message "BIST has detected error, err code id ". Internal BIST failed
Product-Group=junos
Random JUNOS MPC7|8|9E card BIST has detected error, err code id and fail to initalize after software upgrade In software fix, we enhance HMC for NVM write.
1474231 QSA adapter Lane 0 port might be also brought down when disabling one of the other lanes
Product-Group=junos
When QSA adapter is installed, the Lane 0 port might be also in down state when disabling one of the other lanes (1, 2 or 3) due to the chan number not entertained. It is not expected behaviour and it might affect service.
PR Number Synopsis Category: Trio pfe qos software
1382288 One single port with Dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers seen now.
Product-Group=junos
One single port with dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers are seen.
1418602 FPC log messages: "Q index(xxxxx) is not allocated"
Product-Group=junos
The cause of the messages is a race condition. For each IFL, IFLSET or IFD object, HALP statistics module reads stats values from hardware for the individual queues. HALP stats module is implemented as a separate stats thread and while stats thread is waiting, PFEMAN thread may assign different queues to the IFL/IFLSET/IFD object. After stats thread gets CPU back, before reading HW for the next queue, stats thread needs to validate that queue is still applicable, which fails if we see the message. The messages are harmless and can be ignored.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1412457 Ethernet MAC addresses may not be learnt after performing the "clear bridge mac table"
Product-Group=junos
An LU-base MPC may not learn Ethernet MAC address after the "clear bridge mac table" command is issued. Examples of LU-based MPC are the MPC2/3/4 and MPC-3D-16XGE
1420626 The unicast traffic to destination reachable over IRB and LSI with two next-hops might be dropped due to PFE mis programming
Product-Group=junos
On MX Series routers with Trio chip set based MPCs, unicast traffic might get dropped when the destination is reachable over an integrated routing and bridging (IRB) interface and a label-switched interface (LSI) with two next hops.
1472222 JDI-RCT:M/Mx: Linecard Errors found at HALP-trinity_nh_dynamic_mcast_add_irb_topo:3520 snooping-error: invlaid IRB topo/ IRB ifl zero in l2 nh 40495 add IRB
Product-Group=junos
Linecard Errors found at HALP-trinity_nh_dynamic_mcast_add_irb_topo:3520 snooping-error: invlaid IRB topo/ IRB ifl zero in l2 nh 40495 add IRB
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1381527 Constant memory leak might lead to FPC memory exhaustion
Product-Group=junos
On MX, EX9200, SRX4600 or SRX5000 platforms, constant memory leak might occur on a Flexible PIC Concentrator (FPC). This might finally lead to memory exhaustion and the FPC might crash and generate a core file. [TSB17775]
PR Number Synopsis Category: Trio pfe multicast software
1457166 JDI-RCT:M/Mx: Expected pim joins are not learnt after performing GRES
Product-Group=junos
JDI-RCT:M/Mx: Expected pim joins are not learnt after performing GRES
PR Number Synopsis Category: Issues related to port-mirroring functionality on JUNOS
1486749 VPLS port-mirroring is sending packet without ethernet header on the outbound direction
Product-Group=junos
Egress monitored traffic is not mirrored to destination for Analyzers on MX router, where handling of traffic was not supported in egress mirroring case for L3 as input interface.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
991081 The configuration change on Backup RE cannot be synchronized while deleting inactivated interfaces/routing-instances from master
Product-Group=junos
In the dual Routing Engine scenario, the backup Routing Engine does not sync up the configuration change while deleting an inactivated interface/routing-instances from the master. So after the operation, the inactivated interface/routing-instances still exists on the backup Routing Engine.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1412318 hostname does not update at FPC shell after system configuration change on CLI
Product-Group=junos
On PTX platform, hostname does not update at FPC shell after host name change unless FPC reboot.
PR Number Synopsis Category: VMHOST platforms software
1349373 FPCs may reboot continuously until the Routing Engine reboot
Product-Group=junos
On a next-generation Routing Engine (NG-RE), a failure of the Hardware Random Number Generator (HWRNG) will leave the system in a state where there is not enough entropy available to operate. Please refer to TSB17734(http://kb.juniper.net/InfoCenter/index?page=content&id=TSB17734) for more details.
PR Number Synopsis Category: Virtual Private LAN Services
1295664 LSI interface might not be created causing remote MACs not being learned with an error log of "RPD_KRT_Q_RETRIES: ifl iff add: Device busy"
Product-Group=junos
With VPLS being configured, after upgrade to 15.1/16.1/17.x releases, in some circumstances VPLS LSI interface is not correctly created, causing remote MACs not being learned and L2 VPLS outage. The issue is not reproduced and the code change is not a fix but adds a instrumentation using a hidden command 'show vpls ipc-history', which should be captured right away when the issue is seen on latest releases. show vpls ipc-history <<<<< show vpls connections show krt queue show route forwarding-table extensive /var/log/messages
Modification History:
First publication 2020-06-25
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search